RHC Dark Lab : 2 June 2025 09:59
On May 10, 2025, the City of Pisa suffered a ransomware attack within their computer systems. The next day Nova claimed the attack and on the 21st of the same month threatened to publish 2TB of data stolen from the municipality’s servers.
Nova RaaS appeared the first time in the April 2025 period making itself known for its direct and humiliating public communications to victims. From their DLS there does not appear to be a particular focus on specific sectors or states. Nova revamped predecessor RaLord by even going so far as to create a customized chat system for communications with their affiliates.
Nova rapresents one of the many RaaS that appeared in early 2025 confirming the dynamic nature of the ransomware ecosystem. After the attack on the Pisa municipality, DarkLab got in touch with Nova to offer him an interview that could be published on RedHotCyber. In a short time Nova agreed to offer his answers to our questions.
The RaaS did not limit themselves to just responses but hosted DarkLab in one of their domains used for negotiation chats going to customize the entire room with a RedHotCyber theme, below are some images of NovaChat posted with the group’s consent.
The group was keen to point out that the interviews they give are called BlackView, so we leave you with BlackView at RaaS Nova!
All interviews conducted with threat actors are published without any alterations, edits, or reinterpretations. The responses are presented exactly as provided by the individuals or groups interviewed, to ensure the highest level of authenticity and transparency. RHC does not mediate, censor, or modify the content in any way, allowing readers to directly assess the tone, language, and intentions expressed by the threat actors themselves.
RHC: Nova, we welcome you to RedHotCyber! Thank you very much for your willingness to share your voice with our readers. You are a recently appeared group so let us leave you with an introduction about your group and your operations. Also can you give us the motivation for your name?
NOVA: Thank you for visit , first of all we are new RaaS market working with Advanced methods , Encrypt data for any victim we gain access too , demand ransom depend about victim , also , we share methods and provide lockers for our affiliates and help them to build crypto business , about the name we was make it as RALord in first , but we receive message from other group named RAworld (chinese) , they was want join us , but we don’t accept any other teams to work with us , so we change name to Nova , any way the name doesn’t important like work , about Nova name its was random one
RHC: How did you get started in Nova and what were the most difficult steps? Have you had experience with other RaaS in the past and if so how do you rate the environment you have been in?
NOVA: I am who create Nova , I was leader in many other RaaS , talking about 2018 and 2020 , working with premier extortion , so just encrypt without BLOGs , this is the first RaaS I become leader on , the old groups wasn’t have enough skills , we was get paid but not lot , Nova is the best group iam work with , pro team , and high skills , this is not my talk , its our work words
RHC: Outside of the ransomware ecosystem, do you have any other kind of technical background? What was your motivation for approaching this environment?
NOVA: Yea we have skills in other thing for sure , not just RaaS , make sure that the cybersecurity guy on company , we have all his mind , so we can make good attacks , motivation is money , and enjoying , Perhaps some anger as well without other Details
RHC: You attracted a lot of attention within Italian borders for your attack on the City of Pisa, can you tell us how you found the posture at the security level? How would you rate it as an attacker? What are 3 aspects you would improve to improve the cybersecurity of this recent victim of yours?
NOVA: I will not give the vulns or details lot but I can make it clean , the attack was organized by group , after gain access to 3 servers who was have lot of data was store it , we stole data and run lockers , we up perms to root (admin) and run to all disks , so all them stopped , and data encrypted , we was try to contact the admins to start negotiation , but they doesn’t care , so we leak some and sell others , we will not give any advices without negotiation to victims.
RHC: In the Pisa post published on your DLS you directly quoted ACN (National Cybersecurity Agency) with the phrase “this was just the beginning, go ask for help from ACN, enjoy with data,” may we ask why?
NOVA: ACN , I was think they will protect them by fight us like spain police , but nah skip.
RHC: Sticking with Pisa attack, in what condition did you find the files you subsequently stole? Were any precautions present?
NOVA: I don’t think there is backups , iam who do the operation of encrypt , no backups because iam encrypt with admin perm , so all backups encrypted
RHC: Why should a potential affiliate of yours join Nova over other RaaS? What services do you offer and how do you ensure the best possible quality?
NOVA: First of all the lockers , most of ransomware groups use C/C++ or python to create ransomwares , windows defender alone will capture it , our lockers building with Rust , anti detection , all our affiliates wasn’t face any security capture they lockers , Microsoft made security against us , we just upgrade it in his day , so its get updated every week , and we use 90/10 for affiliates , support 24/7 , no affiliate ask thing and we doesn’t answer or ignoring , also we provide chat and panels like others , but the important thing for this market is Lockers.
RHC: One of the first noticeable characteristics of your group is a stinging public communication aimed at belittling victims posted on your DLS. Is this methodology simply part of Nova’s “character” or is there tactic present to push future victims into paying your ransoms?
NOVA: Is tactic, no details you will understand alone.
RHC: Your activities present no small number of risks, how do you live with these on an operational and personal level?
NOVA: I am in place even ISI can’t capture it , anonymous and work.
RHC: Do you have any RaaS from which you took inspiration in the creation phase of Nova?
NOVA: No , I don’t see lot of serious groups , maybe when I was with old groups I was motivate by the old leaders.
RHC: Have you ever considered the opportunity to leverage your technical capabilities to offer paid penetration testing and ethical hacking services to government agencies and corporations in a landscape where victims are less and less likely to pay ransoms? More generally, in your opinion, what direction is cybercrime taking? What should we expect from the future?
NOVA: I don’t help , ask who help and he will tell you his situation , expect good attacks.
RHC: What do you think of the operation launched by Prodaft called “Sell your Source” where the company proposes to buy accounts in hacking forums to spy on cyber criminals?
NOVA: well , I don’t care or think about law or security companies, we work just with who support us, about forums , I use it just for ads.
RHC: Besides the economic aspect, are your actions also driven by political and/or ideological motivations?
NOVA: If I was hacktivist yes , but iam not , iam fight just for my team and affiliates and me for sure.
RHC: Should we expect anything new from Nova in the future? If so, which ones?
NOVA: I will expect money , and you expect danger attacks.
RHC: What message do you want to communicate to your potential future victims?
NOVA: We are sorry , we just need money.
RHC: According to the victims posted on your DLS you are very heterogeneous in the area you target with your attacks. How do you plan your operations? Do you prefer to target specific assets or do you have a more dispersed approach? Are there any sectors that you intend not to impact in any way?
NOVA: Every company have bugs is victim, maybe we will target EUROPE and countries who affiliated with it in future.
RHC: How do you rate the public’s awareness of risk, in the digital environment? And in the institutional environment?
NOVA: No one care about cyber world , this is our exploit , trust me even if you make videos courses no one care, they think this world is hard , as advice all should stop to give them awareness.
RHC: Currently what is the main challenge for Nova?
NOVA: nothing , we work.
RHC: How do you respond to the statement “under no circumstances should you communicate with the attackers or even pay the ransom they demand”?
NOVA: You like that lose the company , for example Pisa , will lost more then 20 millions for GPDR , if they pay 500k or 600k nothing will happened , same for hospitals.
RHC: How would you evaluate this first period of your activity? Are you satisfied with your achievements so far?
NOVA: I am work , I don’t care about news , feds , just focus to goal.
RHC: Thank you Nova, we were pleased with your collaboration. We leave you free to say the last words to our readers
NOVA: Thank you friend , the questions was helpful , we answer what we can answer , to all followers of RHC , come on start RaaS with us , lets make money : : ))
RHC Dark Lab