
Interpol Issues Red Notice for Black Basta Ransomware Boss

Summary

– Law enforcement in Ukraine and Germany have identified and are seeking Oleg Evgenievich Nefedov, a Russian national, as the leader of the Black Basta ransomware gang.
– Ukrainian police, with German support, raided locations and identified two suspects who specialized in breaching systems and stealing access credentials to enable ransomware attacks.
– Nefedov, linked to the now-defunct Conti ransomware syndicate, is believed to be a founder of Black Basta, which is considered a rebranding of Conti.
– The Black Basta operation, active since April 2022, is responsible for hundreds of ransomware attacks globally, targeting major organizations across various sectors.
– Authorities have officially added Nefedov to the wanted lists of Europol and Interpol following this investigation and confirmation of his role.

Law enforcement agencies in Ukraine and Germany have officially identified the leader of the notorious Black Basta ransomware gang, leading to his placement on international wanted lists. The individual, Oleg Evgenievich Nefedov, a 35-year-old Russian national, has been added to both Europol’s “Most Wanted” list and Interpol’s “Red Notice” system. This coordinated action marks a significant step in the global pursuit of high-profile cybercriminals responsible for widespread digital extortion.

In a parallel operation, Ukrainian cyberpolice, working with German authorities, identified two additional suspects believed to be key operatives for the ransomware group. Raids were conducted at locations in Ukraine’s Ivano-Frankivsk and Lviv regions. Investigators state these individuals specialized in the initial stages of cyberattacks, breaching secure systems and preparing the infrastructure for subsequent ransomware deployment. Their technical role involved extracting passwords from corporate information systems, a process known as “hash cracking.” After obtaining employee credentials, they would infiltrate internal networks and escalate the privileges of the compromised accounts. During the searches, authorities seized digital storage devices and cryptocurrency assets.

Nefedov, who operated under numerous online aliases including tramp, tr, and Washingt0n, has been linked to the Black Basta operation since early last year. This connection followed a massive leak of internal chat logs among the gang’s members. While he is identified as the founder of Black Basta, substantial evidence also ties him to the Conti ransomware syndicate, a major group that disbanded in 2022. Security analysts believe Black Basta represents a direct rebranding effort by former Conti members. Analysis of the leaked communications revealed discussions about substantial U.S. government bounties, with Nefedov’s alias, “Tramp,” being referenced as a key Conti leader.

The Black Basta ransomware-as-a-service (RaaS) operation first appeared in April 2022 and is assessed to be behind at least 600 major incidents globally. Their attacks involve data theft and extortion, targeting a wide range of critical organizations. Prominent victims include major corporations and institutions such as defense contractor Rheinmetall, healthcare provider Ascension, the BT Group, and the Toronto Public Library. The issuance of a Red Notice signifies a formal request to law enforcement worldwide to locate and provisionally arrest Nefedov pending extradition, highlighting the international severity of the charges against him.

(Source: Bleeping Computer)
