A cybercriminal group called Nova today took credit for a cybersecurity incident at the New South Wales Rural Fire Service.
The fire service yesterday reported a cybersecurity incident affecting its IT systems. Emergency response was not affected, but a data breach is likely, according to an email from the commissioner obtained by Cyber Daily.
Nova claimed responsibility for the data breach on its data leak website today. The ransomware group say sit stole 300 GB of data from the RFS.
NSW RFS has not acknowledged Nova’s claim and Comparitech cannot independently verify its authenticity. We do not know what data was compromised, how many people are affected, if the RFS did or will pay a ransom, how much Nova demanded, or how attackers breached the RFS’ network. Comparitech contacted the RFS for comment and will update this article if it replies.
“The RFS is aware of a cybersecurity incident involving our IT systems,” says the commissioner’s email.
“Investigations to date indicate many of the files are historical. Furthermore, there is no evidence to suggest sensitive personal information has been accessed or that any information has been obtained which, if disclosed, could adversely affect individuals.”
Who is Nova?
Nova, also known as RALord, is a ransomware group that emerged at the start of 2025. Its ransomware both steals files and locks down computer systems until a ransom is paid. The group operates a ransomware-as-a-service scheme in which affiliates pay to use Nova’s malware and infrastructure to launch attacks and collect ransoms.
In total, Nova has claimed responsibility for 143 ransomware attacks. Of those, 12 were confirmed by the organizations it targeted.
Comparitech researchers have confirmed four of Nova’s attack claims in 2026 so far. Aside from the NSW RFS, they include:
- Universitat de València (Spain) said it refused to pay Nova a ransom following a May 2026 data breach
- The website of LTI Services and Larick Towing (USA) was defaced in May 2026. It displayed a message saying Nova had seized it
- The website of Aspire Hospitals (India) was defaced in June 2026. It displayed a message saying Nova had seized it
The attack on NSW RSF is Nova’s second on a government entity. In May 2025, Comune di Pisa (Italy) refused to pay a $2 million ransom.
Ransomware attacks on public services
Comparitech researchers have logged 78 confirmed ransomware attacks on government agencies worldwide in 2026 to date. The attack on NSW RSF is the first such confirmed attack of the year in Australia.
We’ve recorded 10 more ransomware attacks on public entities confirmed this month:
- Allensbach Fire Department, Germany – The Gentlemen
- Capital Development Authority (CDA), Pakistan – unknown attackers
- Neuwoges, Germany – INC
- Central Bank of Libya – Qilin
- Prince George County, US – RansomHouse
- Court of Auditors of Senegal – KRYBIT
- Ministry of Health of the Republic of Croatia, Croatia – The Gentlemen
- The National Museum, Denmark – The Gentlemen
- Tourist Information Mosel Guest Centre, Germany – unknown attackers
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Governments must decide whether to pay a ransom for the stolen data and to restore systems, or else they can face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About the New South Wales Rural Fire Service
NSW RFS is a volunteer-based firefighting group responsible for protecting about 95 percent of the land in New South Wales and the Jervis Bay Territory. It is the world’s largest volunteer fire services with more than 70,000 members, and the main agency for combating bushfires in the state.