The alleged leader of the Black Basta ransomware group, Oleg Nefedov, who is wanted by Interpol and U.S. authorities, was arrested in Armenia and held in custody for 72 hours before managing to escape detention. The cybercriminal fled the courthouse during a hearing, before the judge could issue a formal decision on his temporary detention.
Intel 471 linked the identity of Black Basta’s leader—known by the aliases GG and tramp—to Oleg Nefedov. A recent leak of the gang’s internal communications has revealed extensive details about the group’s activities.
Notably, from June 21 to July 3, 2024, messages from GG abruptly ceased. When he reappeared online, he privately disclosed to another group member that he had been arrested by law enforcement and later escaped with the assistance of high-ranking individuals.
According to Armenian news outlet 168.am, Nefedov was detained on June 21, 2024, at 11:00 AM, with prosecutors filing a request for temporary detention. A court hearing was scheduled just hours before his detention period was set to expire. However, the judge failed to reach a decision within the required timeframe.
Nefedov’s lawyer requested a 15-minute delay, after which the accused was granted permission to take a short “walk.” Seizing the opportunity, he escaped in a vehicle, despite court officials and law enforcement officers being present. Following his disappearance, the judge officially ordered his detention, but by then, he had already vanished without a trace.
Following his escape, GG bragged to fellow gang members about his “very powerful friends”. When asked by another member how he had managed to get out, GG replied, “Remember when I said I have friends at the highest levels? I meant our very top level.”
In subsequent messages, GG claimed that he had requested a “green corridor” and that a team had been dispatched to extract him immediately. He also alluded to receiving assistance from an individual managing “major corporations”, who facilitated his passage through immigration control with the help of another high-ranking official.
According to Intel 471 researchers, such close ties to state actors are not uncommon among elite cybercriminals.
