Ukraine–Germany operation targets Black Basta, Russian leader wanted
- Jan 18
Key Findings
Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects.
Law enforcement issued an international wanted notice for the group's alleged Russian ringleader, Oleg Nefedov.
Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, impacting over 500 organizations worldwide and causing hundreds of millions of dollars in damage.
The cybercrime group has infected over 329 victims, including companies in Germany, North America, Europe, and Australia.
Authorities accuse Nefedov of forming a criminal organization, large-scale extortion, and cybercrime, including choosing targets, recruiting members, coordinating attacks, negotiating ransoms, and distributing cryptocurrency proceeds.
Background
Black Basta ransomware-as-a-service (RaaS) has been active since April 2022.
The cybercrime group has impacted several businesses and critical infrastructure entities across North America, Europe, and Australia.
In December 2023, Elliptic and Corvus Insurance revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022.
According to the researchers, Black Basta has clear links to the Conti ransomware group.
Alleged Russian Ringleader
Germany's Federal Criminal Police Office identified Russian national Oleg Nefedov as the alleged leader of the Black Basta ransomware group.
Authorities accuse Nefedov of forming a criminal organization abroad, large-scale extortion, and cybercrime.
Investigators say he chose targets, recruited members, coordinated attacks, negotiated ransoms, and distributed cryptocurrency proceeds.
Operating under multiple online aliases, Nefedov may also have links to the Conti ransomware group.
Believed to be in Russia, Nefedov is now on Interpol's international wanted list.
Raids and Seizures
Ukrainian and German police raided homes linked to alleged Black Basta ransomware members in western Ukraine.
The raids identified two Ukrainian suspects who allegedly worked as "hash crackers," stealing and recovering passwords to enable network intrusions, data theft, and ransomware deployment.
During the searches, authorities seized mobile phones, computer equipment, and handwritten notes. Analysis of the seized materials is ongoing.
According to the press release, the documented activities of the group resulted in over 100 companies in Germany and about 700 companies worldwide experiencing prolonged disruptions to their operations, with damages in Germany alone exceeding 20 million euros.
Sources
https://securityaffairs.com/187008/cyber-crime/ukraine-germany-operation-targets-black-basta-russian-leader-wanted.html
https://x.com/shah_sheikh/status/2012602862455370052

