Ukraine–Germany operation targets Black Basta, Russian leader wanted

Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader.

Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader.

“The Office of the Prosecutor General, in close cooperation with the competent authorities of the Federal Republic of Germany, has uncovered two citizens of Ukraine who were part of the international cybercriminal group Black Basta,” reads the press release published by the Ukrainian Office of the Prosecutor General. “As part of international cooperation, law enforcement agencies from Ukraine and Germany conducted searches at the residences and activities of two citizens of Ukraine who were responsible for hacking hash files. The access data obtained in this way was used for further dissemination of malicious software in the networks of the victims. During the searches, mobile phones, computer equipment, and handwritten notes were seized. The analysis of the seized materials is ongoing.”

Black Basta ransomware-as-a-service (RaaS) has been active since April 2022 and has impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. The cybercrime group has impacted over 500 organizations worldwide, causing hundreds of millions of dollars in damage. Two suspects in western Ukraine allegedly worked as “hash crackers,” stealing and recovering passwords to enable network intrusions, data theft, and ransomware deployment.

Police seized digital devices and cryptocurrency during raids, and analysis of the evidence is ongoing.

“As part of the documented activities of the group, a series of cyberattacks have been recorded, resulting in over 100 companies in Germany and about 700 companies worldwide experiencing prolonged disruptions to their operations,” continues the press release. “Among the victims are hospitals, public institutions, and government authorities. According to available data, the damages in Germany alone exceed 20 million euros.”

In December 2023, Elliptic and Corvus Insurance published joint research revealing that the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. According to the experts, the ransomware gang has infected over 329 victims, including ABB, Capita, Dish Network, and Rheinmetall.

Analyzing blockchain transactions, the researchers discovered a clear link between Black Basta and the Conti Group.

Germany’s Federal Criminal Police Office identified Russian national Oleg Nefedov as the alleged leader of the Black Basta ransomware group. Authorities accuse him of forming a criminal organization abroad, large-scale extortion, and cybercrime. Investigators say he chose targets, recruited members, coordinated attacks, negotiated ransoms, and distributed cryptocurrency proceeds. Operating under multiple online aliases, Nefedov may also have links to the Conti ransomware group. Believed to be in Russia, he is now on Interpol’s international wanted list.

Pierluigi Paganini

(SecurityAffairs – hacking, Black Basta ransomware)