- Law enforcement from five countries raided homes in Ukraine to dismantle the Black Basta hacking group.
- Oleg Nefedov, the group’s alleged ringleader, is now on an Interpol wanted list for his part in the group.
- The investigation uncovered evidence that linked the group to hundreds of millions in damages.
In January, authorities from Ukraine and Germany led several raids against the Black Basta ransomware group. According to reports, this gang spent years attacking hospitals, companies and government offices across the West. They also reportedly stole crypto, sensitive data and more.
Investigators say that these hackers are responsible for hundreds of millions of euros in damages, and this crackdown is a major win for international cybersecurity.
Coordinated Action to Disrupt the Black Basta Ransomware Group
Police from Germany, Ukraine, the Netherlands, Switzerland and the United Kingdom reportedly joined forces to track the group.
Europol also provided support to help connect the dots across countries. According to reports, the Black Basta ransomware group has been active since early 2022 and used a “double extortion” method.
Using this method means that they don’t stop at locking up a company’s files. They also steal private data and threaten to release it if the victim refuses to pay.
Ukraine’s cyber police focused their efforts on the western regions of the country and identified two Ukrainian nationals as members of the gang.
These individuals allegedly worked as “hash crackers,” where their job was to take stolen data and use special software to figure out user passwords. Once they had these login credentials, the group could move deeper into a company’s internal systems to cause chaos.
Seizing Digital Evidence in Western Ukraine
Officers found more than just computers during the raids in the Ivano-Frankivsk and Lviv regions. They seized assets like crypto and various storage devices. While the police did not report the exact value of the seized crypto, these assets were likely used to pay for server hosting and other illegal tools.
The Black Basta ransomware group specifically targeted organisations they viewed as “economically viable.” This included Swiss industrial giant ABB and Ascension, the American healthcare provider.
The hackers would hit these large entities and then demand massive crypto ransom payments. In Germany alone, the group reportedly managed to extort roughly 20 million euros from about 100 different victims over the last few years.
The Hunt for the Alleged Ringleader
While the arrests in Ukraine are important, the main target is still at large. Germany’s Federal Criminal Police Office (BKA) identified Russian 36-year-old Oleg Nefedov as the suspected leader. He allegedly picked the targets, recruited new hackers and managed the ransom negotiations.
German Law Enforcement have added Oleg Evgenievich Nefekov to the EU Most Wanted list for his involvement with the Black Basta Ransomware Gang pic.twitter.com/R9tG0dOj9T
— vxdb (@vxdb) January 16, 2026
Authorities have now placed Nefedov on Interpol’s international wanted list. He is also known to use many online aliases, including “tramp,” “gg” and “Washingt0n.”
Investigators believe he may be hiding in Russia, where many ransomware leaders seek shelter. Nefedov also reportedly has ties to other notorious groups like Conti, which means that he might be a veteran when it comes to high-class extortion.
A Dark Connection to a Violent Crypto Heist
The investigation became much darker when the hacking group was linked to a fatal crime in Austria last year.
According to reports, a 21-year-old Ukrainian man was found dead in a burned-out car in Vienna. Police say two men forced the victim to surrender passwords to his crypto wallets.
Not only this, after draining the accounts, the attackers killed the man and set the vehicle on fire.
Two suspects (aged 19 and 45) were arrested for this murder, and while these men are not the same ones who were caught in the recent raid, the cases show Black Basta as a dangerous organisation.