The nova threat actor has targeted CYMA SYSTEMS in the US, demanding a ransom for the decryption and return of their payroll and accounting data. The attack disrupted CYMA’s payroll operations, which serve complex payroll processing needs, and their employee self-service portal, threatening data security and business continuity. #UnitedStates
Incident Details
- Victim: CYMA SYSTEMS
- Country: US
- Actor: nova
- Source: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#cyma-systems
- Discovered: 2025-12-25 15:24:12.035314
- Published: 2025-12-25 15:22:55.053411
Information
- CYMA SYSTEMS is a ransomware victim.
- Located in the US.
- Actor involved is nova.
- CYMA Payroll and Accounting Software is tailored for high-volume payroll processing and specialized markets handling complex payrolls.
- The software offers Employee Self-Service, extending functionality to the web for added flexibility.
- Founded in 1980, CYMA has a long history of producing accounting software solutions.
- The software is capable of decrypting and returning data and stopping leak operations.

Disclaimer: This post is based on public claims made by the ransomware group "nova". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.