Ransomware: nova claims Lockers IT — Technology

A new ransomware group, operating under the name "nova," has claimed responsibility for an attack targeting "Lockers IT," a technology sector organization. The claim was published on the ransomware tracking platform ransomware.live on June 21, 2026, under the BREACH framework. This indicates that the group has likely exfiltrated data and is threatening to release it unless a ransom is paid. The specific technical details of the breach or the victim organization's full identity have not been disclosed at this time.

This incident primarily affects technology sector companies, particularly those providing IT services or managed infrastructure, as they are often high-value targets due to their access to client networks and sensitive data. However, any organization relying on third-party IT providers should consider themselves indirectly at risk, as supply chain attacks frequently follow initial breaches in the tech sector. Financial services, healthcare, and critical infrastructure entities that depend on outsourced IT support should be especially vigilant.

Compliance teams should immediately review their incident response plans to ensure they include procedures for ransomware and data exfiltration scenarios. Verify that your organization has robust network segmentation and that all critical backups are offline and tested. Additionally, assess your third-party risk management program, particularly for IT vendors, and ensure contractual obligations for breach notification are current. Finally, monitor ransomware.live and similar threat intelligence sources for any updates that may identify the full scope of this attack.