**Ukraine-Germany Operation Targets Notorious Ransomware Group Black Basta**

Law enforcement agencies in Ukraine and Germany have joined forces to take down the notorious cybercrime group Black Basta, issuing an international wanted notice for its alleged Russian leader. The operation, which involved raids on homes linked to suspected members of the group, has shed light on the inner workings of one of the world's most feared ransomware gangs.

According to a press release from the Ukrainian Office of the Prosecutor General, two citizens of Ukraine were identified as part of Black Basta, a group that has been active since April 2022 and has impacted over 500 organizations worldwide. The suspects, who allegedly worked as "hash crackers," stole and recovered passwords to enable network intrusions, data theft, and ransomware deployment.

Police in Ukraine and Germany conducted searches at the residences of the two Ukrainian suspects, seizing mobile phones, computer equipment, and handwritten notes. Analysis of the seized materials is ongoing, but investigators have already uncovered a trail of evidence pointing to the group's alleged leader.

**The Alleged Leader: Oleg Nefedov**

Germany's Federal Criminal Police Office has identified Russian national Oleg Nefedov as the alleged leader of Black Basta. Authorities accuse him of forming a criminal organization abroad, large-scale extortion, and cybercrime. Investigators say he chose targets, recruited members, coordinated attacks, negotiated ransoms, and distributed cryptocurrency proceeds.

Nefedov is believed to be operating under multiple online aliases and may have links to the Conti ransomware group. He is now on Interpol's international wanted list, with investigators saying they believe he is hiding in Russia.

**The Impact of Black Basta**

Black Basta has been responsible for a string of high-profile cyberattacks, impacting over 100 companies in Germany and around 700 worldwide. Among the victims are hospitals, public institutions, and government authorities, with damages in Germany alone exceeding €20 million.

A joint research by Elliptic and Corvus Insurance published in December 2023 revealed that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. The researchers analyzed blockchain transactions and discovered a clear link between Black Basta and the Conti Group.

**The Investigation Continues**

As law enforcement agencies continue to investigate Black Basta, the operation serves as a reminder of the global reach and sophistication of modern cybercrime groups. With Nefedov on the run, authorities will be working to track down his digital trail and bring him to justice.

This is a developing story, and we will provide updates as more information becomes available. Follow me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, Black Basta ransomware) for the latest news and analysis on cyber threats and cybersecurity.