Ransomware Group: NOVA

VICTIM NAME: The University of Zagreb Faculty of Science

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak concerns the University of Zagreb Faculty of Science, an esteemed academic institution in Croatia specializing in education and scientific research. The compromise was detected on July 2, 2025, and the ransomware group responsible is identified as “nova.” The leak website provides a claim link, which typically contains the data released or threatened to be published. Given the nature of the leak, it likely involves sensitive academic data or internal documents, although no explicit details are disclosed in the available information. The webpage includes references to the attack timestamp and an online presence link, but no screenshot or direct download links are provided in the data extracted.

The description indicates that the attack targeted an important educational entity, potentially exposing valuable or confidential data related to the university’s operations or scientific activities. The incident underscores the cybersecurity vulnerabilities faced by academic institutions, especially those with extensive data repositories. The leak webpage is associated with the group “nova,” known for its involvement in similar ransomware or data theft campaigns. Additional details such as images or screenshots are not available, and no specific PII or sensitive information is disclosed publicly. Authorities and the university are likely investigating the situation further to assess the impact of this attack.