Ukraine-Germany police raid homes linked to Black Basta ransomware group


Ukrainian and German police raided homes linked to the members of the notorious Black Basta ransomware group, which is responsible for over 700 compromised organizations worldwide.

During the raids in Ivano-Frankivsk and Lviv, two Ukrainian citizens were identified as part of Black Basta. They were allegedly involved in hacking hash files to recover passwords, enabling network intrusions, data theft, and ransomware attacks.

“As part of international cooperation, law enforcement agencies from Ukraine and Germany conducted searches at the residences and activities of two citizens of Ukraine who were responsible for hacking hash files,” the press release published by the Ukrainian Office of the Prosecutor General said.

“The access data obtained in this way was used for further dissemination of malicious software in the networks of the victims. During the searches, mobile phones, computer equipment, and handwritten notes were seized. The analysis of the seized materials is ongoing.”

Police have seized cryptocurrency assets and digital devices, with the analysis currently underway.

Black Basta is known for breaching major healthcare organizations and causing over $100 million in damages, with warning alerts issued by agencies such as CISA and the FBI.

“As part of the documented activities of the group, a series of cyberattacks have been recorded, resulting in over 100 companies in Germany and about 700 companies worldwide experiencing prolonged disruptions to their operations,” the press release adds, noting that damages in Germany alone amounted to over 20 million euros.

In February 2025, Black Basta’s internal chats were leaked on Telegram. The leaker, who had access to Black Basta's internal communications on Matrix, an open decentralized network for end-to-end encrypted messaging, claimed they leaked the chats because the group was targeting Russian banks.

The chats showed that the gang members are particularly interested in VPN exploits, that some participants would occasionally pocket ransom funds without delivering decryption keys, and that at least one affiliate is a minor. They also revealed how the group operates on a day-to-day basis, showcasing their tactics, infrastructure, and even internal tensions between the members.

Russian national Oleg Nefedov, who was identified as the group’s leader by Germany’s Federal Criminal Police Office, has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists. Nefedov’s exact location is unknown, although he’s believed to be in Russia.
