Article Details

German cops add Black Basta boss to EU most-wanted list. Ransomware kingpin who escaped Armenian custody is believed to be lying low back home. German cops have added Russian national Oleg Evgenievich Nefekov to their list of most-wanted criminals for his services to ransomware. Nefekov, 35, is accused of spearheading the Black Basta ransomware operation, which suffered a similar fate as Conti last year – ceasing activity after a major internal leak. His name and face also now appear on the EU's most-wanted list after German authorities issued an appeal for information leading to his capture on Thursday. Active since 2022, Black Basta was the group that filled the LockBit-shaped void in the ransomware scene after the former juggernaut's downfall in 2024. It quickly became the leading group thereafter and attacked around 700 organizations worldwide, according to Germany's federal police (BKA). Oleg Evgenievich Nefekov – credit: Federal Criminal Police Office (BKA) The BKA accused Nefekov of being the "founder and ringleader" of Black Basta. Authorities say he is responsible for every attack the group's affiliates carried out. By the end of 2023, researchers estimated that Black Basta had generated more than $100 million in extortion payments. "Within the group, [Nefekov] held the position of managing director," read the notice. "In this role, he decided on attack targets, recruited employees, assigned them tasks, participated in ransom negotiations, managed the proceeds from the ransom payments, and used them to pay the group members. "Thus, the wanted individual, as ringleader, supported the ongoing use of the 'Black Basta' ransomware and other malware, through which the group infiltrated foreign computer systems, stole data, and encrypted systems in order to demand a ransom, payable in cryptocurrencies, for decryption." Nefekov is believed to be residing in Russia, but exactly where is unknown. German police specifically want to hear from individuals who can tell them where Nefekov is, details about his travel plans, and current online accounts and/or communication channels. They promise to keep all sources anonymous and say they do not want to hear about the Black Basta leaks of 2025, or the Conti leaks of 2022. An analysis of the leaks by security researchers at Trellix unearthed Nefekov's name as being linked with a string of online aliases: tramp, tr, gg, AA, kurva, Washingt0n, and S.Jimmi. The same analysis suggested that Nefekov – whose name appeared as Nefedov in the leaks – received help from the Russian state when he escaped custody after being arrested in Armenia in 2024.