In September 2020, a member of the ransomware group REvil came forward to discuss an attack on Elior, a French company, highlighting the growing threat of ransomware. By that time, ransomware was already concerning, but it was on the cusp of becoming a much larger issue. Journalists at LeMagIT, a French tech news site, started to keep a close eye on developments in this space monthly.
Fast forward to June 21, 2024, and Oleg Nefedov finds himself in a bind. He gets arrested on American Street in Yerevan, near the U.S. embassy. Shortly after, the local public prosecutor pushes for his custody. Armenia secures the necessary extradition documents, and Oleg is under an Interpol Red Notice. His hearing is set for June 24, but something goes awry. By 4 PM on June 22, without a clear explanation, he’s released. Almost four months later, a source reaches out to LeMagIT claiming Oleg goes by the alias “Tramp,” a key figure in the Black Basta ransomware gang. This contact says, “He’s got top-notch protection in Russia—friends in the security services, even pays off the FSB and GRU.”
On November 14, 2022, Tramp himself boasted about his connections with the FSB, sharing in a chat that he’d been keeping them financially supported. This claim was backed by leaked messages that researchers provided to LeMagIT later. As investigations continued, circumstantial evidence piled up supporting the assertion that Tramp is indeed Oleg.
Following his arrest, Tramp goes dark online from June 21 to July 2, 2024. When he resurfaces, he claims to have lost his computer and changed his Telegram account. But a close associate from his days in the gang, Chuck, reveals that Tramp admitted to getting caught by the police and was worried about US law enforcement. Tramp discusses his connections to powerful figures, supposedly someone “at the level of our number one,” implying high-ranking officials, but keeps specifics to himself.
On July 7, he mentions that his phone was seized, worrying that the authorities have complete access to his digital life. Chuck expresses concern that someone he trusts might become a liability, fearing the FSB might turn on them.
In September 2024, Tramp talks to an ex-colleague known as Bio, who shares his own run-ins with law enforcement after a crypto exchange exposed him. Bio’s experiences only heighten the tension as Tramp continues to navigate this dangerous landscape.
As Oleg approaches his 35th birthday in Iochkar-Ola, he’s developed a penchant for a lavish lifestyle, despite previously earning modest incomes. He’s linked to several luxurious vehicles and has invested in upscale brands worldwide. It’s clear he’s made a significant profit over the years, especially with Black Basta’s dealings bringing in massive ransoms.
In December 2024, LeMagIT outlined Tramp’s vast digital currency holdings, tracking payments and connections back to Black Basta’s operations, which have affected numerous companies globally, including some high-profile targets in France. And it turns out he didn’t just spring up with Black Basta; he’s been involved in this world for a long time.
Tramp’s run-ins with groups like REvil, where he often used the same password for securing files, indicate he’s no novice. He claimed to have worked with them and had established a profile within criminal circles. As of the end of 2024, his whereabouts and operations remain under scrutiny. Meanwhile, Black Basta appears to be branching out, with some members reportedly shifting their focus to other ransomware groups.
