DataBreaches.Net

Former Conti member, now known as “Devman,” added to Interpol’s wanted list (updated)

Posted on January 16, 2026 (updated February 16, 2026) by Dissent
Germany’s wanted poster for Oleg Evgenievich Nefedov

From the public prosecutor’s office in Frankfurt, Germany:

The Public Prosecutor General’s Office in Frankfurt am Main – Central Office for the Suppression of Internet Crime (ZIT) – and the German Federal Criminal Police Office (Bundeskriminalamt) request your assistance!

Oleg Evgenievich NEFEDOV (Нефедов Олег Евгеньевич) is wanted on suspicion of having formed a foreign criminal organisation and being involved in a particularly serious case of extortion as well as other offences.

Oleg Evgenievich NEFEDOV (or: Oleg Evgenyevich) is suspected of having formed the group responsible for the malware “Black Basta” and of having served as the group’s ringleader, which led to his playing a considerable part in global cyberattacks. In particular, it is suspected that the wanted person developed and established the ransomware Black Basta, acting under the pseudonyms <tramp>, <tr>, <gg>, <AA>, <kurva>, <Washingt0n> and <S.Jimmi>. He served as the head of the group. As such, he decided who or which organisations would be the targets of attacks, recruited members, assigned them tasks, took part in ransom negotiations, managed the ransom obtained by extortion and used it to pay the members of the group. As ringleader, the wanted person supported the continual use of the “Black Basta” ransomware as well as other malware programs that the group used to infiltrate foreign computer systems, steal data and encrypt systems in order to extort a ransom to be paid in cryptocurrencies in return for the decryption.

Further details

The group has been active since at least the beginning of 2022 and has used various malware programs, including the “Black Basta” ransomware – after which the group was named – in order to infect computer systems, steal sensitive data, encrypt systems and extort a ransom to be paid in cryptocurrencies in return for the decryption.

The person charged is suspected of being the founder and ringleader of the “Black Basta” group and as such, he is believed to be responsible for the extortion of more than 100 companies within the Federal Republic of Germany as well as approx. 600 others worldwide.

It may be assumed that the wanted person is living in the Russian Federation. The current whereabouts of the wanted person are unknown.

The police kindly ask you to provide information in response to the following questions:

  • Have you seen Oleg Evgenievich NEFEDOV?
  • Can you provide information on the current whereabouts of the wanted person?
  • Do you have any information indicating that the wanted person travelled outside the Russian Federation?
  • Were or are you in contact with the wanted person?
  • Do you have any information on online accounts or means of communication that the wanted person currently uses?

The information provided can be treated as confidential in justified cases.

The Bundeskriminalamt is aware of the “Black Basta leaks”, which went public at the beginning of 2025, as well as the “Conti leaks”, “Trickbot leaks” and “Trickleaks” that all went public at the beginning of 2022. Information relating to this data is not needed.

German Federal Criminal Police Office

Interpol’s Red Notice

DataBreaches reported on Conti and Black Basta in past years. More recently, this site has reported on some of Devman’s activities. In online communications via Tox, Devman stated that he does not attack Saudi Arabia or Israel, but otherwise, he thinks it is okay to encrypt hospitals. In comments to SuspectFile, he went even further and talked about possibly locking hospitals’ medical devices. SuspectFile found his claims so disturbing that they removed an interview with him that they had recently published. When DataBreaches tried to confirm with Devman whether he was seriously considering locking medical device systems in hospitals, he did not respond directly to the question but expressed his anger at SuspectFile for sharing his comments with this site, even though his comments had not been off the record.

NOTE and Correction:  A previous version of this post’s headline noted that Devman was previously known as “Tramp” from Conti. DataBreaches has no proof of that, however, even though other sources have made that claim and it is alleged in the German law enforcement notice above.

Category: Commentaries and Analyses, Malware
