Threat Actor Profile
High
Cybercriminal
Description
Nova (formerly RALord) is a ransomware-as-a-service (RaaS) group that encrypts victims’ files and uses double-extortion tactics to pressure organizations into paying for decryption and data non-disclosure.
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'added_date': '2025-04-28',
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Nova (formerly RALord) is a ransomware-as-a-service (RaaS) '
'group that encrypts victims’files and uses double-extortion '
'tactics to pressure organizations into paying for decryption '
'and data non-disclosure.',
'firstseen': '2025-03-22T00:00:00+00:00',
'group': 'nova',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2026-04-21T12:06:02.878168+00:00',
'locations': [{'available': False,
'fqdn': 'novatd4577pzlvdyy42slydhrhru7fpcflbbxlajcmbfrgzyeis6d3id.onion',
'slug': 'http://novatd4577pzlvdyy42slydhrhru7fpcflbbxlajcmbfrgzyeis6d3id.onion',
'title': '',
'type': 'DLS'},
{'available': True,
'fqdn': 'pifk3xu3vad6cuxsjll4qjomyaaaoyvnyqppro75pazadzctrrvpdnyd.onion',
'slug': 'http://pifk3xu3vad6cuxsjll4qjomyaaaoyvnyqppro75pazadzctrrvpdnyd.onion',
'title': 'Nova Blog',
'type': 'Files'},
{'available': False,
'fqdn': 'novaxtychr6ohlc4zr5its73p6i7unpuhpwoodtzrg2y4w4seytatlid.onion',
'slug': 'http://novaxtychr6ohlc4zr5its73p6i7unpuhpwoodtzrg2y4w4seytatlid.onion',
'title': 'Nova Blog',
'type': 'DLS'},
{'available': False,
'fqdn': 'novaoddh3vxylxqpsfdjprliknbzgbkv6nkazpzu3cvykrgpyzuywryd.onion',
'slug': 'http://novaoddh3vxylxqpsfdjprliknbzgbkv6nkazpzu3cvykrgpyzuywryd.onion',
'title': '',
'type': 'DLS'},
{'available': True,
'fqdn': 'novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion',
'slug': 'http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion',
'title': 'Nova Blog',
'type': 'DLS'},
{'available': False,
'fqdn': 'novag4k2te3mstt2xq5irywlpaw6edgkpiwgg4t2q7eecisj2qqtvbid.onion',
'slug': 'http://novag4k2te3mstt2xq5irywlpaw6edgkpiwgg4t2q7eecisj2qqtvbid.onion',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': 'leak7y2247fj7dbb35rpfyxuyaqtwbshiwxp6h35ttzlhrxmhvi4fead.onion',
'slug': 'http://leak7y2247fj7dbb35rpfyxuyaqtwbshiwxp6h35ttzlhrxmhvi4fead.onion',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': 'novavdivko2zvtrvtllnq45lxhba2rfzp76qigb4nrliklem5au7czqd.onion',
'slug': 'http://novavdivko2zvtrvtllnq45lxhba2rfzp76qigb4nrliklem5au7czqd.onion/',
'title': 'Update Links - Nova GBlog',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'nova',
'tools': {},
'url': 'https://www.ransomware.live/group/nova',
'victims': 102,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/nova',
'victims': 102,
'vulnerabilities': []}