Ransomware activity attributed to the nova threat actor targeted sandox.info, and the site went down following the attack; limited OSINT was available since the company observed few additional details. After gaining access, the actor demanded data/exfiltration proof by providing stolen data samples and a directory tree to sandox’s support team when they made contact, impacting unknown country(ies) #Unknown
Incident Details
- Victim: sandox info
- Sector: Technology
- Country:
- Actor: nova
- Source: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/sandox-info
- Discovered: 2026-05-26T10:26:32.341262+00:00
- Published: 2026-05-26T00:00:00+00:00
Information
- Sandox.info was targeted by the Nova ransomware group.
- Limited OSINT is available because the site went down after the attack.
- The actor stated that tree and sample data from the stolen information would be provided to the company once it contacts the support department.
Disclaimer: This post is based on public claims made by the ransomware group "nova". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.