The Black Basta Boss: Wanted by Interpol

Law enforcement in Ukraine and Germany have confirmed the identity of the leader of the Black Basta ransomware gang, adding the individual to the wanted lists of Europol and Interpol.

The Federal Criminal Police Office (BKA) in Germany has identified Oleg Evgenievich Nefedov, a 35-year-old Russian national, as the leader of the Black Basta ransomware gang.

Collaborating with German authorities, the Ukrainian police have also identified two additional individuals allegedly involved in the ransomware operation and conducted raids in the Ivano-Frankivsk and Lviv regions.

The police have stated that the two suspects specialized in gaining initial access to target networks and laying the groundwork for ransomware attacks.

“According to investigators, the suspects were adept at technically breaching protected systems and were involved in preparing ransomware-based cyberattacks,” said Ukraine’s cyberpolice.

“The attackers acted as hash crackers, specializing in extracting passwords from information systems using specialized software,” the press release explains.

After obtaining access credentials belonging to company employees, the suspects infiltrated internal corporate systems and escalated the privileges of the compromised accounts.

During the raids at the locations of the two suspected members of the Russian-affiliated hacker group, the Ukrainian police seized digital storage devices and cryptocurrency assets.

From the police raid at a suspect’s house
Source: cyberpolice.gov.ua

The Black Basta boss

Nefedov, known online by aliases such as tramp, tr, gg, kurva, AA, Washingt0n, and S.Jimmi, has been associated with the cybercriminal operation since last February, when over 200,000 chat messages between Black Basta members were leaked.

While Nefedov is believed to be the founder and leader of Black Basta, there is also credible evidence linking him to Conti, a now-defunct ransomware syndicate that emerged in 2020 as a successor to Ryuk.

Following Conti’s shutdown, it fragmented into smaller cells that either infiltrated other ransomware operations or took control of existing ones. Black Basta emerged as one of these new operations, seen as a rebranding of the former Conti.

Security researchers at Trellix analyzed the leaked texts and discovered conversations between GG and Chuck regarding a $10 million reward for information on ‘tr’ (possibly ‘amp’), potentially related to the US bounty for five key members of the Conti gang, including the hacker Tramp.

“In the leaked chat, GG was indeed identified as Tramp (Conti leader) by ‘bio’ (also known as ‘pumba’, another Conti member),” said Trellix researchers.

In February 2022, after Russia’s invasion of Ukraine, internal chats from the Conti operation were leaked, referencing Tramp as the leader.

Authorities have officially identified Nefedov as the leader of the Black Basta ransomware gang and have included him on Europol’s “Most Wanted” and Interpol’s “Red Notice” lists.

The Black Basta ransomware-as-a-service (RaaS) operation surfaced in April 2022 and is believed to be responsible for at least 600 ransomware incidents, data theft, and extortion targeting large organizations globally.

Notable victims include German defense contractor Rheinmetall, Hyundai’s European division, BT Group (formerly British Telecom), U.S. healthcare giant Ascension, government contractor ABB, the American Dental Association, U.K. tech outsourcing firm Capita, the Toronto Public Library, and Yellow Pages Canada.

BleepingComputer reached out to the Ukrainian police for further information about the operation, but a comment was not immediately available.
