Don Bosco Makati Ransomware Attack by nova (May 2026)

Claim Summary

On May 17, 2026, the ransomware group “nova” allegedly added Don Bosco Technical Institute of Makati (DBTI Makati) to its leak site. The threat actor claims to have exfiltrated data from the institution, which serves students from elementary through senior high school and technical vocational education. The group has not disclosed the volume of data allegedly stolen, nor has it provided any samples or proof of compromise at this time. This claim remains entirely unverified by Yazoul Security.

Don Bosco Technical Institute of Makati is a private Catholic educational institution in the Philippines, part of the Salesian network. It focuses on providing technical-vocational education to underprivileged youth, integrating academic excellence with spiritual formation.

Threat Actor Profile

The “nova” ransomware group is a relatively obscure threat actor with limited public attribution. Based on available intelligence:

• Track Record: The group has a small number of known victims, primarily targeting small-to-medium enterprises and educational institutions. Their operational history suggests they are an emerging group rather than a major established player like LockBit or BlackCat.
• Known Tools: No specific tools, custom malware, or TTPs have been publicly documented for nova. They may be using commodity ransomware variants or repurposed code from other groups.
• Tactics: Based on limited reporting, nova appears to employ double extortion - data exfiltration followed by encryption and public shaming on their leak site. However, their encryption methods and initial access vectors (e.g., phishing, RDP compromise, vulnerability exploitation) remain unknown.
• Credibility Assessment: Given the group’s lack of a proven track record and the absence of any data samples in this claim, their credibility is low to moderate. Ransomware groups often exaggerate or fabricate claims to pressure victims into paying. This claim should be treated with significant skepticism until independent verification is obtained.

No YARA rules or detection guidance are currently available for nova ransomware.

Alleged Data Exposure

According to the leak site entry, the threat actor claims to have accessed unspecified data from Don Bosco Technical Institute of Makati. The group has not provided:

• File lists or directory structures
• Data samples or screenshots
• Volume estimates (e.g., gigabytes or number of files)
• Categories of data allegedly stolen (e.g., student records, financial documents, employee PII)

The leak site description repeats publicly available information about the institution’s mission and educational programs, which does not constitute proof of compromise. This lack of evidence is consistent with a low-confidence claim.

Potential Impact

If the claim is verified, the potential impact on Don Bosco Technical Institute of Makati could include:

• Data Breach: Exposure of student records, enrollment data, academic transcripts, and financial aid information for underprivileged youth.
• Operational Disruption: Possible encryption of critical systems, including student information systems, learning management platforms, and administrative databases.
• Reputational Harm: Loss of trust among students, parents, and donors, particularly given the institution’s focus on serving vulnerable populations.
• Regulatory Consequences: Potential notification requirements under Philippine data privacy laws (Republic Act 10173 - Data Privacy Act of 2012), including mandatory reporting to the National Privacy Commission.

However, without confirmation, these impacts remain speculative.

What to Watch For

• Leak Site Updates: Monitor nova’s leak site for any future posting of data samples or proof files. If the group releases evidence, the credibility of the claim increases.
• Official Statements: Watch for any public acknowledgment or denial from Don Bosco Technical Institute of Makati. Educational institutions in the Philippines are generally required to disclose data breaches under the Data Privacy Act.
• Third-Party Notifications: Be alert for any notifications from law enforcement or cybersecurity firms regarding this incident.
• Phishing Risks: If data is confirmed stolen, affected individuals (students, parents, employees) may face targeted phishing or social engineering attacks using exposed information.

Disclaimer

This report is based on unverified claims made by the nova ransomware group on their leak site. Yazoul Security has not independently confirmed the compromise of Don Bosco Technical Institute of Makati. Ransomware groups frequently fabricate or exaggerate claims to coerce victims into paying ransoms. All information herein should be treated as preliminary and subject to change upon verification. No data samples, download links, credentials, or access methods are provided in this report. Organizations should not take action based solely on this intelligence without further investigation.