Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader

Summary

Ukrainian and German authorities say they have identified two Ukrainians allegedly working for the Russia-linked ransomware group Black Basta and have placed the group’s suspected leader, Oleg Nefedov, on an international wanted list. The two suspects, operating from western Ukraine (Ivano-Frankivsk and Lviv regions), are accused of specialising in extracting login credentials — “hash cracking” — to prepare and enable ransomware attacks. Authorities seized digital storage and cryptocurrency assets during searches; forensic analysis is ongoing.

Black Basta, active since early 2022, is blamed for extorting hundreds of organisations worldwide, including ABB and Ascension, with estimated damages in the hundreds of millions. German police named 36-year-old Russian national Oleg Nefedov as the alleged ringleader, accusing him of recruiting members, assigning tasks, negotiating ransoms (usually demanded in crypto) and distributing proceeds. Nefedov is believed to be in Russia and has been placed on Interpol’s wanted list. Internal chat logs leaked in February had already exposed parts of the group’s structure and identities, and researchers note ties between Black Basta members and earlier groups such as Conti, Ryuk and the TrickBot network.

Key Points

  • Two suspected Black Basta operatives in western Ukraine identified by Ukrainian and German authorities; searches in Ivano-Frankivsk and Lviv yielded digital devices and crypto assets.
  • Suspects reportedly worked as “hash crackers,” recovering passwords from stolen data to gain initial access and escalate privileges inside victim networks.
  • Black Basta has targeted hundreds of organisations since early 2022, including major victims ABB and Ascension, with damages estimated in the hundreds of millions.
  • Germany’s BKA named Oleg Nefedov (36) as the alleged ringleader; he faces charges of forming a criminal organisation abroad, large-scale extortion and related cyber offences.
  • Nefedov is wanted internationally via Interpol, believed to be in Russia, and is alleged to have used multiple online aliases and possibly had ties to Conti.
  • Internal Black Basta chat logs leaked last year revealed operational details and identifying information about members; several linked actors previously worked with Conti, Ryuk and TrickBot.
  • Forensic analysis of seized material by Ukrainian prosecutors is ongoing and could yield more leads or indictments.

Context and relevance

This development is part of a wider trend of increased international cooperation to disrupt transnational ransomware gangs that operate with decentralised affiliates. Black Basta’s apparent links to former Conti actors and to long-running malware networks underline how personnel and tactics migrate between criminal groups. For organisations, the case highlights persistent risks from compromised credentials, the profitability of crypto-denominated ransoms, and the continuing need for robust identity, access and incident-response controls.

Why should I read this?

Quick take: law enforcement is scoring wins against a major ransomware crew, but the boss is still at large. If you work in security, IT operations, or run an organisation that handles sensitive data, this story matters — it shows how criminals gain access (stolen credentials), how widespread the damage is, and why monitoring crypto flows and hardening authentication are non-negotiable. We read the detail so you don’t have to — but don’t ignore the lessons.

Source

Source: https://therecord.media/police-raid-homes-of-alleged-black-basta-hackers