Nova RaaS

Also known as: Nova RaaS

Introduction

Nova appears to refer to a ransomware-as-a-service (“RaaS”) infrastructure provider. Public threat reporting indicates that affiliates leveraging the Nova victim extortion site are known to use a Rust-based ransomware developed by the RALord ransomware operation, although an original “.nova” ransomware family has been identified as well.[SonicWall Nova Ransomware April 11 2025][Cyble April 17 2025]

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Nova:

Attribution and Evidence

Information pending cataloguing.

References

[1] SonicWall Nova Ransomware April 11 2025
[2] Cyble April 17 2025