Law enforcement agencies from Ukraine and Germany have raided the house of two suspected members of the Black Basta ransomware group, seizing evidence of their involvement in cybercriminal activities.
The raid took place on January 15 in Lviv and Ivano-Frankivsk, in Western Ukraine.
The police seized evidence of illegal activity, including digital storage devices and cryptocurrency assets.
The two men, whose identities were not revealed, allegedly conducted specific functions within the criminal group’s structure.
According to investigators, the pair performed the roles of ‘hash crackers,’ individuals who specialize in extracting passwords from account databases in information systems using specialized software.
This allowed the ransomware gang to gain unauthorized access to companies’ internal systems, expand the privileges of compromised accounts within corporate networks, steal data and deploy ransomware.
Between 2022 and 2025, the Black Basta ransomware group attacked hundreds of organizations in various countries, causing damages amounting to hundreds of millions of euros, the Ukrainian cyber police said.
Agencies involved in the raid included cyber police officers and investigators from the Main Investigative Directorate of the National Police of Ukraine and the German Federal Criminal Police Office (BKA).
Black Basta Alleged Kingpin Placed on Most Wanted Lists
This action was taken as part of a wider international law enforcement investigation spearheaded by Europol and involving services in the Netherlands, Switzerland and the UK.
The operation led to the identification of Oleg Evgenievich Nefedov, a 35-year-old Russian national who is believed to be one of the founders and leaders of Black Basta. He may have been involved in the activities Conti, another, now defunct, ransomware group.
Nefedov has been added to Europol’s EU Most Wanted and Interpol’s Red Notice lists.
In March 2025, a leaked trove of internal chat logs exposed potential connections between the Black Basta ransomware gang and Russian authorities.
Image credits: Cyber Police Unit, National Police of Ukraine / Europol / Shutterstock
