DwKsWlGLelmgo CEsbKr pzb

Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort

German authorities have officially named one of the most notorious names in cybercrime.

The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias “UNKN.”

According to the BKA, Shchukin led the infamous GandCrab and REvil ransomware operations.

Working alongside 43-year-old Anatoly Sergeevitsch Kravchuk, Shchukin is accused of orchestrating at least 130 acts of computer sabotage across Germany between 2019 and 2021.

Their targeted campaigns successfully extorted roughly 2 million euros and caused more than 35 million euros in widespread economic damage.

Under Shchukin’s alleged leadership, GandCrab and REvil fundamentally changed the ransomware landscape.

They popularized a highly lucrative business model known as “double extortion.” This ruthless tactic involves two distinct threats:

  • Locking victims out of their own networks and demanding a ransom for the decryption key.
  • Stealing sensitive internal documents and threatening to leak them online if a secondary payment is withheld.

GandCrab first appeared in January 2018 operating as a Ransomware-as-a-Service (RaaS) affiliate program.

It paid independent hackers a cut of the profits for breaching corporate networks. When the group suddenly shut down in May 2019, boasting over $2 billion in total extorted funds, REvil quickly took its place.

Cybersecurity researchers instantly recognized REvil as a rebranded, highly organized continuation of the GandCrab infrastructure.

Big-Game Hunting and Downfall

REvil operated much like a legitimate software company, systematically reinvesting profits to scale their operations.

They outsourced specific tasks to other criminals in the underground economy, purchasing network access from specialized brokers and hiring professional money launderers.

This allowed the core team to focus entirely on developing sophisticated encryption malware that easily bypassed standard antivirus tools.

The gang focused on “big-game hunting,” targeting massive organizations with deep pockets and robust cyber insurance policies.

Their most devastating strike occurred over the July 4 weekend in 2021, when they compromised Kaseya, an IT management software provider.

This massive supply chain attack crippled over 1,500 businesses worldwide. However, the FBI secretly infiltrated REvil’s servers and released a free decryption key to victims, dealing a fatal blow to the gang’s operations.

Authorities believe Shchukin currently resides in Krasnodar, Russia. While extradition remains unlikely, international law enforcement continues to target his assets, including a 2023 U.S. Justice Department seizure of over $317,000 in cryptocurrency linked directly to his digital wallets.

Related Articles

Back to top button