Nova, tracked under its current name since mid-May 2026 and previously operating as RALord, has posted 67 claimed victims in the last 30 days alone, out of 85 total, indicating an extremely compressed and accelerating operational tempo. The group operates as a ransomware-as-a-service platform and employs double-extortion, combining file encryption with threatened data publication to pressure targets into payment. Sector concentration skews heavily toward Technology (11 claimed victims), with Transportation/Logistics, Education, and the Public Sector each drawing repeated attention; the most recent claims, dated June 26, include Australia's NSW Rural Fire Service posted in multiple duplicate entries alongside a marine logistics firm, suggesting either affiliate redundancy or a deliberate pressure tactic. Geographically, claimed victims span the US, Indonesia, Australia, Vietnam, and Poland, pointing to a broad affiliate network rather than a regionally focused operation. The group is described as using standard RaaS tradecraft, which typically includes disabling host-based defenses prior to encryption and staging exfiltrated data for leverage, though all victim attributions and operational claims remain unverified.