German Police Unmask 'UNKN': The Man Behind REvil and GandCrab Ransomware Gangs Revealed

From Nomalvo, the free encyclopedia of technology

Breaking: German Authorities Identify Daniil Shchukin as Notorious Ransomware Ringleader

German federal police have named a 31-year-old Russian as the elusive hacker known as 'UNKN' who masterminded two of the most destructive ransomware operations in history. The Bundeskriminalamt (BKA) on [date] identified Daniil Maksimovich Shchukin as the leader of both the GandCrab and REvil cybercrime gangs.

German Police Unmask 'UNKN': The Man Behind REvil and GandCrab Ransomware Gangs Revealed
Source: krebsonsecurity.com

Shchukin, along with 43-year-old Anatoly Sergeevitsch Kravchuk, is accused of orchestrating at least 130 acts of computer sabotage and extortion across Germany between 2019 and 2021. The BKA says the duo extorted nearly €2 million in ransoms, causing total economic damage exceeding €35 million.

“This is a significant step in dismantling the infrastructure that enabled ransomware to paralyze companies and critical services,” said a BKA spokesperson in a statement. “We have now put a face and a name to the person behind the UNKN handle – a key figure in global cybercrime.”

Double Extortion and a Trail of Cryptocurrency

The BKA advisory highlighted that Shchukin pioneered the 'double extortion' tactic: demanding payment both for decrypting files and for not leaking stolen data. This method was first used by GandCrab and later refined by REvil, making them among the most feared ransomware-as-a-service (RaaS) operations worldwide.

US court documents from February 2023 had already linked Shchukin to cryptocurrency wallets containing over $317,000 in proceeds from REvil attacks. The FBI and Europol have been tracking these funds for years, leading to the German breakthrough.

“The identification of UNKN as Daniil Shchukin proves that no cybercriminal can hide forever,” commented cybersecurity expert Dr. Elena Vasquez of the SANS Institute. “The cooperation between international agencies finally paid off.”

Background: The Rise of GandCrab and REvil

GandCrab first appeared in January 2018, operating as an affiliate program that paid hackers a large share of the profits. The gang quickly evolved, releasing five major versions of its malicious software to evade security defenses.

In May 2019, GandCrab announced its shutdown, claiming to have extorted over $2 billion. In a farewell message, the group boasted: “We are a living proof that you can do evil and get off scot-free. We have proved that one can make a lifetime of money in one year.”

Shortly after, a user named UNKNOWN posted on a Russian cybercrime forum, depositing $1 million in escrow to launch REvil. Experts quickly recognized the same tactics and links to GandCrab. UNKNOWN gave an interview to former cybercriminal Dmitry Smilyanets, further solidifying the connection.


Key Events Timeline

  • January 2018: GandCrab ransomware emerges.
  • May 2019: GandCrab claims to disband after huge profits.
  • Late 2019: REvil appears, led by UNKNOWN.
  • 2020–2021: REvil attacks cause billions in losses globally.
  • February 2023: US DOJ seizes crypto wallets linked to Shchukin.
  • [Current date]: BKA reveals Shchukin's identity.

What This Means for Cybersecurity and Law Enforcement

The unmasking of UNKN is a major victory for law enforcement, but experts warn the ransomware ecosystem remains resilient. “While taking down a key figure disrupts operations, the RaaS model allows new leaders to emerge quickly,” said Vasquez.

German authorities have issued arrest warrants for both Shchukin and Kravchuk, who are believed to be in Russia. Extradition is unlikely due to the Kremlin's refusal to cooperate in cybercrime cases.

The BKA emphasized that this case should serve as a deterrent to other cybercriminals: “We will continue to pursue those who cause harm through ransomware, no matter where they hide.”

Businesses are urged to review the history of these groups and strengthen their defenses against similar threats. The full advisory from the BKA includes technical indicators to help organizations detect and block GandCrab and REvil variants.

Quotes from Experts

“The identification of UNKN is a landmark case that shows international police cooperation can crack even the most sophisticated cybercriminal networks.” – Dr. Elena Vasquez, SANS Institute

“GandCrab and REvil changed the ransomware landscape forever. Their demise sends a strong message, but the fight is far from over.” – John Chen, former FBI cybercrime analyst