Black Basta Ransomware Group Exposed in Europe, Russian Leader Is Now Among EU’s Most Wanted

European and Ukrainian authorities have exposed two alleged key members of the Black Basta cybercrime group and identified its alleged leader – a Russian national now listed on both the EU Most Wanted and INTERPOL Red Notice databases.

Prosecutors in Ukraine who have been working with German police have revealed two Ukrainian nationals are accused of operating as technical specialists for Black Basta, a Russia-linked ransomware group that been around since early 2022.

The investigators traced the suspects to western Ukraine, where they allegedly focused on breaching networks and ransomware attacks.

Police searches in the Ivano-Frankivsk and Lviv regions eventually led to the seizure of digital storage devices, computers, phones, handwritten notes and cryptocurrency.

“The mentioned investigative actions were carried out as part of international cooperation between law enforcement agencies of Ukraine, Germany, Switzerland, the Netherlands, and the United Kingdom,” said the authorities.

“Earlier, at the request of foreign partners, the Office of the Prosecutor General had already conducted searches in the territory of Kharkiv and the Kharkiv region and other investigative actions regarding certain participants of this group on the territory of Ukraine,” they added.

The suspects and their alleged role

Ukrainian police said the two suspects were so-called “hash crackers,” specializing in extracting passwords from stolen data, enabling attacks in compromised corporate networks.

After the attackers found valid credentials, other members of the same group escalated privileges, exfiltrated stolen data and eventually deployed ransomware to extort victims.

Alleged Black Basta leader added to EU Most Wanted and INTERPOL Red Notice

German authorities also identified the group’s alleged leader as Oleg Evgenievich Nefedov, a Russian national. Law enforcement agencies say he’s responsible for forming and leading a criminal organization abroad, coordinating extortion campaigns and managing ransom negotiations.

Authorities added Nefedov to the European Union’s Most Wanted list in January 2026 and issued an INTERPOL Red Notice for his arrest.

“The accused is suspected of being the founder and ringleader of the „Black Basta“ group and, as such, of being responsible for the blackmail of more than 100 companies in Germany and approximately 600 others worldwide,” say the German authorities.

German police believe Nefedov currently lives in Russia, but authorities haven’t confirmed his exact location.

FAQ

What is Black Basta?

Black Basta is a ransomware-as-a-service group active since 2022, targeting companies, hospitals and public institutions worldwide.

Who leads Black Basta?

Authorities suspect that Oleg Evgenievich Nefedov, a Russian national, is the group’s leader.

Where did police make arrests and seizures?

Ukrainian and German authorities conducted searches in western Ukraine, seizing devices and cryptocurrency linked to two suspected operators.

How much damage did Black Basta cause?

Investigators estimate hundreds of millions of dollars in global damages, with losses in Germany exceeding €20 million.