German Police Unmask UNKN Ransomware Leader Behind REvil and GandCrab

UNKN ransomware leader identified by German authorities

The Federal Criminal Police Office (BKA) has linked 31‑year‑old Russian Daniil Maksimovich Shchukin to the moniker UNKN, the figure who steered the notorious REvil and GandCrab ransomware operations.

Investigators say Shchukin, together with 43‑year‑old Anatoly Sergeevich Kravchuk, extorted ↑ €2 million in ransom payments and caused economic damage exceeding ↓ €35 million between 2019 and 2021.

“We are a living proof that you can do evil and get off scot‑free,” the GandCrab farewell note read.

The U.S. Justice Department’s February 2023 filing revealed a cryptocurrency wallet tied to Shchukin held more than $317,000 in illicit proceeds.

From trash‑bins to billion‑dollar extortion

According to a Reuters report, the GandCrab affiliate model, launched in January 2018, paid hackers large cuts for compromising corporate networks, while REvil later refined the “double extortion” technique.

Law‑enforcement sources confirm Shchukin remains in Krasnodar, Russia, but his whereabouts are unverified; travel abroad cannot be excluded.

Cyber‑security analysts note the dismantling of REvil’s infrastructure after the July 2021 Kaseya attack marked a turning point, as the FBI released a universal decryption key.

Words by: Isla Thorne

Guest Technology Correspondent
(Note: Isla Thorne is covering this desk while Nova Stirling is recovering from the flu.)