Ransomware victim disclosure
← All victimsStark Shipping
Claimed by Nova · listed 8 months ago
Status timeline
- ListedNov 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Nova
- Status
- Data leaked
- Country
- Ukraine
- Sector
- Transportation/Logistics
- Listed on leak site
- Nov 15, 2025
About the victim
AI dossier — public-source company profileStark Shipping is a Ukrainian maritime service provider specializing in operations across the Black and Azov seas. The company offers port agency services, cargo chartering for bulk and liquid goods, and market analysis. It maintains a network of offices and strategic partnerships across Ukrainian ports.
- Industry
- Maritime Shipping & Port Agency Services
Attack summary
Severity: high — Data has been published (disclosed status: data_published) by the threat actor, confirming exfiltration of business operational data from a logistics/maritime company operating in a geopolitically sensitive region (Ukraine, Black and Azov seas). While no regulated PII at scale is explicitly mentioned, the confirmed publication of exfiltrated business data from a strategically relevant maritime operator warrants a high severity rating.The Nova ransomware group claims to have published data belonging to Stark Shipping, indicating exfiltration has occurred and data has been disclosed. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Port agency records
- Cargo chartering documents
- Market analysis reports
- Business correspondence
- Client/partner information
What the group claims
Ukraine A maritime service provider with extensive experience in the Black and Azov seas. Offers port agency services, cargo chartering (for bulk and liquid goods), and market analysis for customers. Has a network of offices and strategic partnerships in Ukrainian ports.
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

