Ransomware: nova claims AMACCAO — Not Found

A new ransomware group, operating under the name "nova," has claimed responsibility for an attack on the entity identified as "AMACCAO." The claim was published on the ransomware.live leak site on May 22, 2026, under the BREACH framework. At this time, no specific data or proof of exfiltration has been posted, but the listing indicates that the victim has been targeted and may face data exposure if demands are not met. The exact nature of AMACCAO is unclear, but based on naming conventions, it could be a public sector body, a healthcare institution, or a critical infrastructure operator in the EU.

Organizations in the public administration, healthcare, and critical infrastructure sectors should treat this as a high-priority alert. Any entity with similar naming patterns or operating under the AMACCAO acronym should immediately verify whether they have been compromised. The ransomware.live site is a known clearinghouse for threat actor claims, and this incident underscores the ongoing risk of extortion-driven attacks targeting EU-regulated entities.

Compliance teams should immediately conduct a sweep of their incident response logs for any unauthorized access or lateral movement indicators. They should also review their Data Protection Impact Assessments and breach notification procedures under GDPR, as any confirmed data exfiltration would require notification to the relevant supervisory authority within 72 hours. Finally, teams should ensure that their ransomware response playbook is updated and that backups are isolated and tested, as nova may deploy encryption or data theft tactics in the coming days.