ACCORDING to Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt), the real identities of the main threat actors linked to the REvil ransomware operation have been uncovered. The BKA says the threat actor who used the alias UNKN, who advertised the ransomware in June 2019 on the XSS cybercrime forum, is Daniil Maksimovich Shchukin, a 31-year-old Russian national, who also operated under the online monikers Oneiilk2, Oneillk2, Oneillk22 and GandCrab.
Also named on the wanted list is Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian born in Makiivka, alleged to have acted as the developer of REvil during the same period. Shchukin and Kravchuk are suspected of carrying out 130 ransomware attacks across Germany, with 25 of those cases leading to payments totalling €1.9 million, while the incidents collectively incurred financial damages exceeding €35.4 million.
REvil, also known as GandCrab/Water Mare and Gold Southfield, evolved from GandCrab and ceased operations in 2021, resurfacing later in the gang’s activity.