May 16, 2026
The article reports that German authorities have publicly identified the alleged figure behind two of the most notorious Russian ransomware operations of the past decade: Daniil Maksimovich Shchukin, a 31-year-old Russian national whom the BKA says operated under the handle “UNKN” or “UNKNOWN.” According to Krebs, Germany accuses Shchukin of leading both GandCrab and REvil, two groups that helped industrialize modern ransomware and popularize double extortion, in which victims were pressured to pay both for decryption and for silence over stolen data. The piece says German investigators link Shchukin and another Russian suspect, Anatoly Sergeevitsch Kravchuk, to at least 130 acts of computer sabotage and extortion in Germany between 2019 and 2021, including roughly €2 million in extorted payments and more than €35 million in broader economic damage.
Krebs also places the identification in a wider historical context, portraying REvil as a direct successor to GandCrab and UNKN as one of the central figures in the rise of ransomware-as-a-service. The article revisits GandCrab’s emergence in 2018, its boastful shutdown in 2019 after claims of massive profits, and REvil’s later growth into a major “big-game hunting” operation that targeted large organizations and became infamous for the Kaseya supply-chain attack in July 2021. Krebs notes that Shchukin’s name had already surfaced in a 2023 U.S. Justice Department filing seeking seizure of cryptocurrency tied to REvil proceeds, and adds that German investigators believe he is living in Krasnodar, Russia. The overall thrust of the article is that one of the ransomware world’s most influential anonymous leaders is no longer anonymous at all, even if he remains effectively beyond Western arrest power while in Russia.
Source: https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/