Black Basta rebranding of Conti in the ransomware ecosystem
Threat Actor Meta
Summary
Black Basta is being described as a rebranding of Conti, underscoring how major ransomware crews can repackage personnel and infrastructure into new operations. That lineage matters because it helps explain how a RaaS group built reach against large organizations worldwide and sustained a broad extortion footprint.
Related Happenings
Phobos long-running ransomware-as-a-service operation and broad distribution
Threat Actor Meta
First: 17.02.2026 13:31
Last: 17.02.2026 13:31
Sources 1
About this happening:
**Phobos** remains a **long-running ransomware-as-a-service** operation linked to the **Crysis** family, with a broad affiliate ecosystem that has driven repeated intrusions world...
Latest development: 05.03.2026 10:34
Evgenii Ptitsyn pleaded guilty to wire fraud conspiracy for administering Phobos ransomware, a long-running RaaS operation linked to the Crysis ransomware family. The U.S. Department of Justice says Phobos collected more than $39 million in ransom payments from over 1,000 public and private entities worldwide, and Ptitsyn was extradited from South Korea in November 2024 before the plea.
ShadowSyndicate infrastructure expansion suggests IAB or bulletproof hosting operations
Threat Actor Meta
First: 04.02.2026 17:00
Last: 04.02.2026 17:00
Sources 1
About this happening:
**ShadowSyndicate** has expanded its attributed infrastructure through **new SSH fingerprint markers** and server overlaps, strengthening the case that it operates as an **initial...
Oleg Evgenievich Nefedov wanted listing in Black Basta case
Law Enforcement
First: 16.01.2026 21:00
Last: 16.01.2026 21:00
Sources 1
How related:
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol.
About this happening:
Authorities seized digital storage devices and cryptocurrency assets in raids against the **Black Basta** ransomware network, deepening a cross-border case against its leadership...
RedVDS and Storm-2470 cybercrime-as-a-service platform scaling disposable Windows cloud servers
Threat Actor Meta
First: 15.01.2026 09:11
Last: 15.01.2026 09:11
Sources 1
About this happening:
The **RedVDS** cybercrime-as-a-service platform has been identified as a long-running underground service that let multiple criminal groups rent disposable **Windows cloud servers...
RedVDS takedown with US, UK and Europol support
Law Enforcement
First: 14.01.2026 18:32
Last: 14.01.2026 18:32
Sources 1
About this happening:
**Microsoft** said it took **coordinated legal action** in the **U.S. and U.K.** to disrupt **RedVDS**, seizing **redvds[.]com** and related infrastructure with support from **Eur...
Timeline
16.01.2026 21:00 2 articles · 4mo ago
Black Basta is described as Conti's rebranding
Technical Analysis Update
Germany's Federal Criminal Police Office (BKA) and Ukrainian law enforcement link Oleg Evgenievich Nefedov to Black Basta, and Black Basta is described as a rebranding of Conti after Conti shut down and split into smaller cells. Conti emerged in 2020 as a successor to Ryuk, placing Black Basta in a ransomware lineage that later operated as a RaaS crew against large organizations worldwide.
Sources:
- Black Basta boss makes it onto Interpol's 'Red Notice' list — www.bleepingcomputer.com — 16.01.2026 21:00