Black Basta Ransomware Leader Added to EU and Interpol Wanted Lists
The alleged mastermind behind the Black Basta ransomware group, Oleg Evgenievich Nefedov, a 35-year-old Russian national, has been added to the European Union’s Most Wanted list and Interpol’s Red Notice following a joint investigation by German and Ukrainian authorities. Nefedov is accused of founding and leading the group, which has carried out at least 525 ransomware attacks since its formation in 2022.
German law enforcement describes Nefedov as the group’s "managing director," responsible for selecting targets, recruiting members, overseeing ransom negotiations, and distributing profits. Authorities also link him to the now-defunct Conti ransomware group. Two additional suspects, operating in Ukraine, were identified for their role in hacking protected systems and extracting passwords to gain unauthorized access to corporate networks. Their residences were raided, resulting in the seizure of digital devices and cryptocurrency assets.
Black Basta, also known as Zirco Data hackers, gained notoriety in February 2024 after breaching Zirco Data, an Australian firm, and leaking 395GB of sensitive data, including financial documents and confidentiality agreements. The attack impacted clients such as Monash Health and the Department of Home Affairs. A month later, the group exposed over 700GB of data from more than a dozen Australian companies, including Advanced Catering Systems, Australian Textile Mills, and Optimum Health Services, following an attack on a local cloud hosting provider.
ZIRCO Ltd. cybersecurity rating report: https://www.rankiteo.com/company/zirco-ltd
Australian Signals Directorate cybersecurity rating report: https://www.rankiteo.com/company/australian-signals-directorate
{
  "id": "ZIRAUS1768801659",
  "linkid": "zirco-ltd, australian-signals-directorate",
  "type": "Ransomware",
  "date": "6/2022",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': 'Monash Health, Department of '
                                              'Home Affairs, Advanced Catering '
                                              'Systems, Australian Textile '
                                              'Mills, Optimum Health Services',
                        'industry': 'Technology/IT Services',
                        'location': 'Australia',
                        'name': 'Zirco Data',
                        'type': 'Cloud hosting provider'},
                       {'industry': 'Healthcare',
                        'location': 'Australia',
                        'name': 'Monash Health',
                        'type': 'Healthcare'},
                       {'industry': 'Government',
                        'location': 'Australia',
                        'name': 'Department of Home Affairs',
                        'type': 'Government'},
                       {'industry': 'Catering/Food Services',
                        'location': 'Australia',
                        'name': 'Advanced Catering Systems',
                        'type': 'Business'},
                       {'industry': 'Manufacturing/Textiles',
                        'location': 'Australia',
                        'name': 'Australian Textile Mills',
                        'type': 'Business'},
                       {'industry': 'Healthcare Services',
                        'location': 'Australia',
                        'name': 'Optimum Health Services',
                        'type': 'Business'}],
 'attack_vector': 'Unauthorized access via hacked systems and password '
                  'extraction',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Likely',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Financial documents',
                                              'Confidentiality agreements',
                                              'Sensitive corporate data']},
 'description': 'The alleged mastermind behind the Black Basta ransomware '
                'group, Oleg Evgenievich Nefedov, a 35-year-old Russian '
                'national, has been added to the European Union’s Most Wanted '
                'list and Interpol’s Red Notice following a joint '
                'investigation by German and Ukrainian authorities. Nefedov is '
                'accused of founding and leading the group, which has carried '
                'out at least 525 ransomware attacks since its formation in '
                '2022. Black Basta has been linked to high-profile breaches, '
                'including attacks on Australian firms like Zirco Data, Monash '
                'Health, and the Department of Home Affairs.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '395GB (Zirco Data), 700GB+ (multiple '
                                'Australian companies)',
            'identity_theft_risk': 'High',
            'systems_affected': 'Corporate networks, cloud hosting providers'},
 'initial_access_broker': {'entry_point': 'Hacked systems and password '
                                          'extraction',
                           'high_value_targets': 'Corporate networks, cloud '
                                                 'hosting providers'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Unauthorized access via '
                                           'compromised credentials'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'Black Basta'},
 'references': [{'source': 'Joint investigation by German and Ukrainian '
                           'authorities'}],
 'regulatory_compliance': {'legal_actions': 'Interpol Red Notice, EU Most '
                                            'Wanted List'},
 'response': {'law_enforcement_notified': 'Yes (German and Ukrainian '
                                          'authorities)'},
 'threat_actor': 'Black Basta (Zirco Data hackers)',
 'title': 'Black Basta Ransomware Leader Added to EU and Interpol Wanted Lists',
 'type': 'Ransomware'}