Nova Ransomware Strikes Five Victims in Five Days, Including Russian Oil & Gas Firm
The Nova ransomware group escalated its activity between May 22 and 26, 2026, listing five victims across four continents in a rapid, geographically diverse campaign. The latest disclosures Eriell, a Russian oil and gas engineering firm, and sandox info, a technology company followed earlier attacks on Spain’s University of Valencia (May 23), Brazil’s SECONT (May 24), and Turkey’s Adensa Teknoloji (May 24).
With 122+ victims claimed since its inception, Nova’s recent surge stands out for its breadth and speed. The group’s targeting of Eriell, a Russian-headquartered company, defies the common ransomware practice of avoiding domestic entities due to prosecution risks. Possible explanations include Nova’s affiliates operating outside Russia or the firm’s international operations making it a viable target despite its Russian base.
The breach of Eriell poses significant risks, given the sensitivity of its data including project engineering documents, geological surveys, client contracts with national oil companies, and procurement records. Meanwhile, sandox info’s exposure could create supply chain vulnerabilities, as technology firms often hold source code, client credentials, and software license data.
Nova’s consecutive-day posting pattern suggests a multi-affiliate operation, with attacks executed in parallel rather than sequentially. The campaign’s geographic spread spanning Europe, South America, the Middle East, and Russia highlights the group’s expanding reach and willingness to target sectors typically avoided by other ransomware actors.
Eriell TPRM report: https://www.rankiteo.com/company/eriell-group
SECONT TPRM report: https://www.rankiteo.com/company/secont-secretaria-de-estado-de-controle-e-transpar-ncia
"id": "seceri1780323934",
"linkid": "secont-secretaria-de-estado-de-controle-e-transpar-ncia, eriell-group",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Oil & Gas',
'location': 'Russia',
'name': 'Eriell',
'type': 'Oil and gas engineering firm'},
{'industry': 'Technology',
'name': 'sandox info',
'type': 'Technology company'},
{'industry': 'Education',
'location': 'Spain',
'name': 'University of Valencia',
'type': 'Educational institution'},
{'location': 'Brazil', 'name': 'SECONT'},
{'location': 'Turkey', 'name': 'Adensa Teknoloji'}],
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Project engineering documents, '
'geological surveys, client '
'contracts, procurement records, '
'source code, client credentials, '
'software license data'},
'date_publicly_disclosed': '2026-05-22/2026-05-26',
'description': 'The Nova ransomware group escalated its activity between May '
'22 and 26, 2026, listing five victims across four continents '
'in a rapid, geographically diverse campaign. The latest '
'disclosures included Eriell, a Russian oil and gas '
'engineering firm, and sandox info, a technology company, '
'following earlier attacks on Spain’s University of Valencia '
'(May 23), Brazil’s SECONT (May 24), and Turkey’s Adensa '
'Teknoloji (May 24). With 122+ victims claimed since its '
'inception, Nova’s recent surge stands out for its breadth and '
'speed. The breach of Eriell poses significant risks due to '
'the sensitivity of its data, while sandox info’s exposure '
'could create supply chain vulnerabilities.',
'impact': {'data_compromised': 'Project engineering documents, geological '
'surveys, client contracts with national oil '
'companies, procurement records, source code, '
'client credentials, software license data'},
'motivation': 'Financial gain, possible supply chain disruption',
'ransomware': {'ransomware_strain': 'Nova'},
'threat_actor': 'Nova ransomware group',
'title': 'Nova Ransomware Strikes Five Victims in Five Days, Including '
'Russian Oil & Gas Firm',
'type': 'Ransomware'}