European and international law enforcement agencies have stepped up their efforts to track down individuals linked to the Black Basta ransomware operation. Officials confirmed that the suspected leader of the Russia‑associated ransomware‑as‑a‑service (RaaS) group has been added to both the European Union’s Most Wanted list and INTERPOL’s Red Notice system. At the same time, investigators in Ukraine and Germany have identified two additional suspects believed to be operating from within Ukraine.
According to public announcements, Ukraine’s National Police and Germany’s Federal Criminal Police Office (BKA) worked jointly to uncover members of a Russia‑aligned cybercriminal group. Their investigation identified two Ukrainian nationals who allegedly carried out technical roles vital to the Black Basta ransomware network. Authorities also formally named the suspected organizer of the group as Oleg Evgenievich Nefedov (Нефедов Олег Євгеньевич), a 35‑year‑old Russian citizen.
Law enforcement agencies stated that Nefedov is now internationally wanted. He has been added to the EU’s Most Wanted list, and an INTERPOL Red Notice was issued at Germany’s request, coordinated by the BKA and the Frankfurt am Main Prosecutor’s Office’s Central Office for Combating Internet Crime (ZIT).
German officials are seeking Nefedov on charges related to “aggravated extortion, forming and leading a criminal organization, and additional offenses.”
Details on the Alleged Leader and Technical Members
German investigators allege that Nefedov founded and directed the Black Basta ransomware group, acting as its top decision‑maker. Under various aliases—including tramp, tr, AA, Kurva, Washingt0n, and S.Jimmi—he is believed to have developed and managed the Black Basta malware. Authorities say he operated as the group’s de facto “managing director,” selecting targets, recruiting associates, assigning roles, negotiating ransoms, overseeing cryptocurrency payments, and distributing profits to group members.
The Ukrainian National Police said that cyber police units and investigators from the Main Investigative Department, alongside the Prosecutor General’s Cyber Department, cooperated with the BKA to disrupt the group’s operations. As part of the international effort, two individuals located in Ukraine were identified as conducting technical tasks essential to carrying out ransomware attacks.
Investigators said these individuals specialized in breaching protected networks and preparing for ransomware intrusions. Acting as “hash crackers,” they allegedly extracted passwords from corporate systems using specialized tools. After acquiring employee credentials, they are accused of gaining unauthorized access to internal networks, escalating privileges, and expanding their reach within corporate infrastructures.
Authorities reported that this access enabled them to compromise key systems, steal sensitive data, and deploy file‑encrypting malware. Victims were then pressured to pay ransoms—usually in cryptocurrency—in exchange for decryption keys and restoration of their data.
Court‑authorized searches were conducted at the suspects’ homes in the Ivano‑Frankivsk and Lviv regions. During these raids, police seized digital evidence and cryptocurrency assets linked to unlawful activities.
Global Impact of Black Basta Ransomware
Working with Europol specialists, investigators also identified Nefedov as the likely organizer of the larger criminal enterprise. International partners believe he may have also played a role in the operations of the infamous ransomware group Conti.
Authorities described Black Basta as one of the most dangerous cybercriminal organizations in recent years. Between 2022 and 2025, the group is believed to have attacked hundreds of organizations, government entities, and institutions across highly developed Western nations, causing damages estimated in the hundreds of millions of euros. Victims included organizations across sectors such as healthcare, manufacturing, and construction, spanning the United States, the United Kingdom, Canada, Australia, and multiple EU member states.
The investigation is part of a broader cooperative effort involving Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom. Ukrainian police noted that earlier investigative actions—including searches in Kharkiv and surrounding areas—had already been conducted at the request of foreign partners.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
