#Black Basta Ransomware Leader Added to EU and Interpol 'Most Wanted' Lists

A 35-year-old Russian national wanted for founding and directing the Black Basta hacking group.

#Background

The alleged leader of the Black Basta hacking group, responsible for over 525 ransomware attacks since 2022, has been added to the European Union's Most Wanted list and Interpol's Red Notice list.

#Suspect Details

Oleg Evgenievich Nefedov, a 35-year-old Russian national, is suspected of founding and directing the group's operations, making a significant contribution to global cyber attacks. According to German law enforcement authorities, Nefedov held the position of managing director within the group, deciding on attack targets, recruiting employees, and managing ransom payments.

#Group's Modus Operandi

The Black Basta group infiltrated foreign computer systems, stole data, and encrypted systems to demand a ransom in cryptocurrencies for decryption. Nefedov is also believed to have been involved in the now-defunct Conti ransomware group.

#Other Group Members Identified

Ukrainian and German authorities have identified two further members of the group, who operated in Ukraine and specialized in technical hacking of protected systems. The suspects' residences were searched, and multiple digital devices and cryptocurrency assets were seized.

#Australian Connection

Black Basta caused a stir in Australia in 2024, claiming Australian firm Zirco Data as a victim on its darknet leak site. The hackers claimed to have 395 gigabytes of data, including financial documents and personal user folders. Several of Zirco Data's clients, including Monash Health and the Department of Home Affairs, were affected.

#Affected Australian Companies

The following Australian companies were listed as part of a larger data leak of over 700 gigabytes, linked to a Black Basta attack on a local cloud hosting service:

• Advanced Catering Systems
• Australian Textile Mills
• Aus Weave
• The Local Bar
• Optimum Health Services
• Wilson Fabrics