BERLIN: Police have carried out raids against two members of a ransomware group known as “Black Basta” in Ukraine, and issued an arrest warrant for its Russian head, German prosecutors said Thursday.
The group is accused of using malware to encrypt systems and then demanding money to restore them.
Between March 2022 and February 2025, its members extorted hundreds of millions of euros from around 600 companies and public institutions around the world, the prosecutors said in a statement.
The victims were mainly “companies in Western industrialized nations” but also included hospitals and other public institutions.
As part of a coordinated operation between Germany, the Netherlands, Switzerland, Ukraine and Britain, police searched the homes of two Ukrainian suspects and seized evidence, the prosecutors said.
Investigators have also identified and issued an arrest warrant for a Russian citizen accused of being the founder and head of the group, they said.
German police named the suspect as Oleg Evgenievich Nefedov, 35.
Nefedov “decided on targets, recruited employees, assigned them tasks, participated in ransom negotiations, managed the proceeds and used them to pay the members of the group,” the police said.
The searches in Ivano-Frankivsk and Lviv were directed against suspected members of the group accused of so-called hash cracking, a method of guessing passwords.
Ukrainian officials also searched the home of another member of the group near Kharkiv in August, whose job was allegedly to help ensure the malware was not detected by antivirus programs.
Black Basta extorted some 20 million euros ($23 million) from around 100 companies and institutions in Germany alone, the prosecutors said.