gandcrab / revil / ransomware

Germany’s Federal Criminal Police (BKA) has identified 31-year-old Russian Daniil Maksimovich Shchukin as the hacker known as “UNKN” (UNKNOWN), alleging he led GandCrab and REvil ransomware operations responsible for at least 130 attacks in Germany from 2019–2021. The BKA says Shchukin and co-conspirator Anatoly Kravchuk extorted nearly €2 million and caused over €35 million in damage; U.S. filings also tie a cryptocurrency wallet linked to Shchukin to $317,000 in illicit proceeds. GandCrab and REvil pioneered affiliate-based ransomware and double extortion, evolving through multiple code revisions and business-like operations that outsourced services and reinvested profits—practices that helped scale their global impact and challenge defenders.

Germany has publicly identified (“doxed”) a figure known as “UNKN,” described as a leader tied to Russian-language ransomware operations including REvil and GandCrab, according to a link shared on Hacker News pointing to KrebsOnSecurity. The Hacker News post provides limited detail beyond the headline and discussion, but frames the move as a law-enforcement attribution effort aimed at naming individuals behind major ransomware groups. Commenters noted the operational structure resembles a scaled business with specialization and outsourcing, while others compared it to organized crime. If confirmed in the underlying report, the identification could support prosecutions, sanctions, or international coordination against ransomware actors. No specific dates, charges, or operational impacts are included in the provided excerpt.

Germany’s Federal Criminal Police Office (BKA) has identified “UNKN” (aka UNKNOWN), a key figure behind the Russian ransomware operations GandCrab and REvil, as 31-year-old Russian national Daniil Maksimovich Shchukin. In a public advisory, the BKA said Shchukin and alleged associate Anatoly Sergeevitsch Kravchuk, 43, carried out at least 130 sabotage and extortion incidents targeting victims in Germany from 2019 to 2021. Authorities said roughly two dozen attacks generated nearly €2 million in extortion payments and caused more than €35 million in economic damage. The BKA described the groups as pioneers of “double extortion,” demanding payment for decryption and for withholding stolen data. Shchukin was also referenced in a February 2023 U.S. Justice Department crypto-seizure filing citing a wallet holding over $317,000.

Germany’s Federal Criminal Police (BKA) publicly identified 31-year-old Russian Daniil Maksimovich Shchukin as “UNKN,” the alleged leader behind early ransomware syndicates GandCrab and REvil. The BKA says Shchukin and co-defendant Anatoly Kravchuk carried out at least 130 attacks in Germany from 2019–2021, extorting nearly €2 million and causing over €35 million in damage. Shchukin is linked to cryptocurrency proceeds seized by U.S. prosecutors and is accused of pioneering double extortion—charging for decryption keys and threatening to publish stolen data. GandCrab’s affiliate model and successive code revisions evolved into REvil, which paid affiliates and operated like a criminal business. The naming matters because it ties a prominent ransomware persona to concrete legal actions and to broader transnational disruption of critical networks and corporate victims.