Ransomware victim disclosure

Universitas Nasional (UNAS)

Claimed by nova · listed 4 hours ago

10 GB

Data size

Today

Age

since listed · data leaked

Status timeline

Listed
Jun 7, 2026
Data leaked

At a glance

Group: nova
Status: Data leaked
Country: Indonesia
Sector: Education
Listed on leak site: Jun 7, 2026
Data size: 10 GB

About the victim

AI dossier — public-source company profile

Universitas Nasional (UNAS) is an Indonesian educational institution offering undergraduate and postgraduate degrees across faculties including Social Sciences, Law, Economics, and Health Sciences. The university operates quality assurance systems, supports diverse student pathways including recognition of prior learning (RPL), and engages in research and international academic collaboration.

Industry: Higher Education

Attack summary

Severity: high — Confirmed exfiltration of 10 GB from an educational institution containing student and faculty records (PII at scale) combined with operational encryption. Educational records constitute sensitive personal data affecting potentially thousands of individuals.

Nova claims to have encrypted servers and exfiltrated 10 GB of institutional data from UNAS. The group offers decryption samples and proof files to incentivize contact.

high

Data the group says was taken

AI dossier — extracted from the leak post

Student records
Academic information systems
Faculty data
Institutional administrative records

What the group claims

An educational institution offering undergraduate and postgraduate degrees across various faculties such as Social Sciences, Law, Economics, and Health Sciences. Engages in research, community service, and international conferences.

The leak post

captured from the group's site

Universitas Nasional (UNAS) is an educational institution that offers a wide range of academic programs, including undergraduate and postgraduate degrees across various faculties such as Social Sciences, Law, Economics, and Health Sciences. The university aims to provide quality education and has implemented a robust internal quality assurance system. UNAS serves students from diverse backgrounds, including those pursuing regular and recognition of prior learning (RPL) pathways. Additionally, the university engages in research, community service, and hosts international conferences to enhance academic collaboration - Nova Provide tree and samples from stolen data to the company when its get in touch with support department.
Both aspirehospitals.co.in and aspirehospitals.in Under Nova Company Control, servers encrypted and patients data stolen, A Healthcare provider based on Plot No: 163, 208, Ekamra Road, Unit-6, Ganga Nagar, Bhubaneswar, India, Odisha, you need to think well to contact us for recover and to secure patients records - Nova Provide tree and samples from stolen data, free 2 files decrypt to the company when its get in touch with support department.
IBENA HEIMTEX is a …

Data the group says was taken

stolen data

Screenshot of the leak post

Leak screenshot for Universitas Nasional (UNAS)

Sources

Leak posthttp://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion

Source

Indexed 4 hours ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About nova

Based on the limited available data, Nova is a recently emerged ransomware operation first observed in April 2025 with an apparent financial motivation, having targeted approximately 95 victims in its brief operational period. The group's origin and potential affiliations remain undocumented by major security firms, though their targeting pattern suggests a broad opportunistic approach rather than geopolitically motivated attacks. Nova's attack methodology and specific technical capabilities have not been publicly detailed by established threat intelligence sources, though their victim distribution across the United States, France, Brazil, Singapore, and the Netherlands indicates either automated widespread targeting or access to diverse initial compromise vectors. The group has demonstrated a preference for targeting healthcare, technology, manufacturing, and education sectors, suggesting they may focus on organizations with critical operational dependencies that increase pressure for ransom payment. Given the group's recent emergence and limited public documentation by major security researchers, Nova's current operational status, organizational structure, and long-term threat trajectory remain largely uncharacterized in established threat intelligence reporting. The group has been linked to 154 public disclosures across our corpus. First observed on a leak site on April 28, 2025; most recent post June 7, 2026. The operation is currently active.

Timeline of this disclosure

June 7, 2026Universitas Nasional (UNAS) listed by novaon the group's public leak site

Data size: 10 GB

Other recent disclosures by nova

nova has been linked to 154 public victims on Darkfield. A sample of the most recent:

Status timeline

At a glance

About the victim

Attack summary

Data the group says was taken

What the group claims

The leak post

Data the group says was taken

Screenshot of the leak post

Sources

Source

Is this your supplier? Your competitor? You?

Disclosure context

About nova

Timeline of this disclosure

Other recent disclosures by nova

Sector and geography