ACCORDING to the German Federal Criminal Police (BKA), two key REvil ransomware operators have been identified and linked to more than 130 attacks in Germany. The first suspect is Daniil Maksimovich Shchukin, a 31-year-old Russian national known online as UNKN, who promoted ransomware on cybercrime forums and headed both GandCrab and REvil during 2019–2021.
The BKA states that Shchukin and another Russian, Anatoly Sergeevitsch Kravchuk, 43, extorted nearly €2 million across two dozen cyberattacks, causing more than €35 million in total economic damage.
Investigators note that Shchukin’s name appeared in a 2023 U.S. case tied to crypto funds from REvil, including a wallet with over $317,000, and that he is allegedly linked to earlier activity under the alias “Ger0in.” The two men are described as leaders of one of the world’s largest ransomware operations, with Shchukin reportedly promoting the group and Kravchuk implicated in developing REvil during the same period.