Ukraine and German law raid Black Basta across Europe

Ukraine and German law enforcement launched coordinated raids targeting alleged members of the Black Basta ransomware group across multiple regions

ContentsInternational operation targets Black Basta networkYears of ransomware attacks and heavy lossesRaids uncover crypto assets and digital evidenceAuthorities said the operation identified key suspects, seized digital evidence, and triggered an expanded international manhunt. Investigators linked the group to a series of widespread cyberattacks, causing heavy financial losses between 2022 and 2025.

International operation targets Black Basta network

Ukraine and German law enforcement confirmed the raids followed a joint investigation with partners from Switzerland, the Netherlands, and the United Kingdom. Europol supported the probe and described Black Basta as a severe cybercrime threat. Officials said the group operated with a structured hierarchy and coordinated attacks across borders.

Ukrainian cyber police reported that two Ukrainian nationals were identified as active members of the network. Investigators also named an alleged Russian organizer believed to have founded the group. German authorities confirmed that Interpol issued a wanted notice for the suspect.

Officials said intelligence sharing played a central role in identifying suspects and tracking infrastructure. The investigation focused on digital footprints, communication records, and financial trails. Authorities stressed that cross-border cooperation enabled faster action against a complex criminal network.

Years of ransomware attacks and heavy losses

Investigators said Black Basta has operated since early 2022, targeting Western corporations, hospitals, and public institutions. Authorities said the group selected victims based on perceived economic capacity. Attacks affected organizations across Europe and the United States.

According to investigators, the group breached corporate systems by stealing employee credentials. Attackers then escalated privileges and accessed sensitive files. Malicious software encrypted data, while victims faced ransom demands for system restoration.

Law enforcement agencies estimated that damages reached hundreds of millions of euros during the three years. Officials said stolen data was also shared with other criminal networks. Europol warned that such tactics amplified risks to healthcare and industrial operations.

Raids uncover crypto assets and digital evidence

Ukrainian police said searches took place in the Ivano-Frankivsk and Lviv regions. Officers seized digital devices and cryptocurrency holdings during the raids. Authorities did not disclose asset values or specific tokens recovered.

Investigators said earlier searches in Kharkiv and nearby areas targeted additional suspects. German officials linked the alleged Russian organizer to prior ransomware operations. Prosecutors said Interpol channels were used at Germany’s request to widen the manhunt.

Ukrainian cyber police described Black Basta as a top-tier cybercrime operation. Officials said no single country can dismantle such groups alone. Agencies urged broader intelligence cooperation to disrupt future attacks.

The crackdown followed a separate Austrian case involving a fatal crypto robbery. Austrian police arrested two Ukrainian suspects after a victim was killed during an alleged wallet extortion. Authorities said the case highlighted growing violence tied to digital asset crimes.