Ransomware Group: NOVA

VICTIM NAME: SD Soluciones Digitales

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 5, 2025, the leak post focused on SD Soluciones Digitales, a Guadalajara-based company operating in the Commercial Printing sector in Mexico. The entry lists the victim’s name and provides basic corporate context: roughly 10 to 19 employees and annual revenue in the MXN 5–10 million range, with the organization headquartered in Guadalajara, Jalisco. The post characterizes the incident as a data breach involving exfiltration of a substantial data set. The leak page states that about 80 GB of data were stolen, described as including invoices, resources, billing information, documents, and reports. While the post does not publish a ransom figure for this victim, it indicates there is a claim URL on the page to initiate negotiations. The post date aligns with the page’s publication date, and this entry forms part of a broader multi-victim leak page associated with the attackers’ operation. The overall framing is that of a data-leak event rather than a purely encrypted-system compromise.

The SD Soluciones Digitales entry is accompanied by a gallery of 25 image attachments referenced on the page as screenshots or internal-document thumbnails. The accompanying metadata describes these as depicting internal data materials, though the exact contents of individual images are not detailed in the summary. The data footprint cited for this victim—80 GB of data including invoices, resources, billing documents, and reports—illustrates a substantial exfiltration. A claim URL is noted on the leak page, offering a channel for potential negotiation, but the entry itself does not disclose a ransom amount or deadline. Taken in the context of the leak’s structure, this post reinforces the threat actor’s pattern of data theft alongside public or semi-public data exposure, while keeping the specifics of SD Soluciones Digitales’ ransom terms non-public in the provided summary.