German authorities have identified a key member of the notorious REvil and GandCrab ransomware groups as 31-year-old Russian national Daniil Maksimovich Shchukin.
Shchukin, known online as “UNKN” (Unknown), acted as a public representative and co-administrator for the groups. He promoted their ransomware services on cybercrime forums starting in 2019.
Officials say that Shchukin used several aliases and helped lead the GandCrab/REvil operation between 2019 and 2021. The groups carried out cyberattacks in which they encrypted victims’ data and demanded money to restore access or prevent leaks.
Authorities also identified Anatoly Sergeevitsch Kravchuk, a 43-year-old believed to have developed the REvil ransomware. Both men are suspected of being involved in 130 attacks in Germany. In at least 25 cases, victims paid a total of €1.9 million in ransom. Overall damages are estimated at more than €35 million.
REvil, which grew out of the GandCrab group, was behind several high-profile cyberattacks on global companies. The group went offline in 2021 following international law enforcement actions.
Several members were later arrested in different countries, including Russia, where authorities said they had dismantled the group in early 2022. Some of those arrested were sentenced to prison in 2024.
Shchukin is believed to have left Russia after the start of the war in Ukraine and was last reported to be in Antalya, Turkey. He disappeared from cybercrime forums around the same time authorities began cracking down on REvil.