Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab
German authorities have unmasked "UNKN," the elusive head of notorious Russian ransomware groups GandCrab and REvil, as Daniil Maksimovich Shchukin, a 31-year-old from Krasnodar. This revelation connects a face and name to a figure responsible for pioneering "double extortion" tactics and extorting billions from victims worldwide. It's a significant win against organized cybercrime, appealing to HN's interest in cybersecurity, law enforcement triumphs, and the unraveling of digital criminal enterprises.
The Lowdown
German authorities, specifically the Bundeskriminalamt (BKA), have successfully identified "UNKN," the long-sought leader behind the prolific Russian ransomware gangs GandCrab and REvil. This unmasking reveals Daniil Maksimovich Shchukin, a 31-year-old from Krasnodar, as the individual allegedly responsible for orchestrating widespread cyberattacks and pioneering sophisticated extortion methods.
- Identity Revealed: Daniil Maksimovich Shchukin (31) has been named as "UNKN," the alleged head of GandCrab and REvil ransomware groups.
- German Investigation: The BKA links Shchukin and 43-year-old Anatoly Sergeevitsch Kravchuk to 130 acts of cyber sabotage and extortion in Germany (2019-2021), generating nearly 2 million euros in direct extortion and over 35 million euros in total economic damage.
- Ransomware Evolution: GandCrab, active from 2018, was a highly successful ransomware-as-a-service model, claiming over $2 billion in extorted funds before its 2019 shutdown. REvil emerged shortly after, widely believed to be its successor, pioneering "double extortion" tactics (encrypting data and threatening to publish stolen information).
- Cybercrime Entrepreneurship: "UNKN" publicly boasted a rags-to-riches story, and both groups operated with sophisticated business-like structures, reinvesting profits, hiring specialists, and targeting large organizations with cyber insurance.
- Downfall and Seizures: REvil's decline began after the July 2021 Kaseya attack; the FBI, which had gained access to the gang's infrastructure, later released a decryption key for the victims. A February 2023 U.S. Justice Department filing sought the seizure of over $317,000 in cryptocurrency linked to Shchukin.
- Evidence and Location: The direct link between Shchukin and the "UNKN" persona (also styled "Unknown") rests primarily on the BKA's findings, while cyber intelligence firms have connected him to an earlier hacker identity, "Ger0in." He is presumed to be residing in Krasnodar, Russia.
The doxing of "UNKN" by German authorities marks a significant milestone in the ongoing battle against global cybercrime, putting a human face to an operation that caused immense financial and operational damage worldwide. While Shchukin is believed to remain in Russia, this public identification serves as a powerful message to other cybercriminals operating under the cloak of anonymity.