• Law enforcement in Ukraine and Germany have publicly identified Oleg Evgenievich Nefedov, a 35-year-old Russian national, as the leader of the Black Basta ransomware group.
• He has been added to Interpol’s “Red Notice” list as well as Europol’s Most Wanted list—effectively an international alert to locate and arrest him.

A Red Notice is issued by Interpol to seek the location and provisional arrest of a person wanted for serious charges, pending extradition. It’s not itself an international arrest warrant, but it is the closest tool Interpol uses to coordinate cross-border law enforcement action.

Background on Black Basta

• Black Basta is a ransomware-as-a-service (RaaS) criminal operation believed to have been active since 2022.
• The group has been linked to hundreds of ransomware attacks worldwide, targeting major firms and institutions across sectors like defense, healthcare, technology, and public services.
• Investigations and leaked internal chats helped authorities tie Nefedov to the gang’s leadership and operational decisions.

Law enforcement action

• Police have raided locations in Ukraine tied to alleged Black Basta members and are continuing the international hunt.
• While Nefedov’s exact whereabouts remain unknown, authorities believe he may be in Russia—raising challenges for extradition or capture.

Implications

• Being on the Red Notice list increases pressure on Nefedov: it restricts travel and makes financial and operational activities riskier.
• For cybersecurity defenders and organizations, the spotlight on Black Basta may help disrupt parts of the gang’s ecosystem, though ransomware groups often adapt with new structures or aliases.