Source: krebsonsecurity.com

Germany Unveils Identity of REvil and GandCrab Ransomware Leader

AI Summary

In a significant breakthrough, German authorities have identified Daniil Maksimovich Shchukin as the mastermind behind the notorious Russian ransomware groups GandCrab and REvil. Shchukin, known by the alias 'UNKN', orchestrated over 130 cyberattacks between 2019 and 2021, causing economic damage exceeding 35 million euros. Together with Anatoly Sergeevitsch Kravchuk, Shchukin extorted nearly 2 million euros from victims, employing a ruthless double extortion tactic.

The GandCrab group, which emerged in 2018, revolutionized ransomware with its affiliate program, rewarding hackers for breaching corporate systems. Despite shutting down in 2019 after amassing over $2 billion, its legacy continued through REvil, which many experts believe was a rebranded version of GandCrab. REvil, under Shchukin's leadership, targeted high-revenue organizations, leveraging sophisticated tactics and reinvesting profits to enhance their operations.

Shchukin's identity was further corroborated by a U.S. Justice Department filing linking him to cryptocurrency accounts holding over $317,000 in illicit gains. His criminal career, as recounted in interviews and reports, took him from humble beginnings to millionaire status. The ransomware groups operated like legitimate businesses, outsourcing tasks and improving the quality of their malware, which led to increased ransom payouts.

REvil's downfall began with the high-profile Kaseya attack in July 2021, which drew significant attention and intervention from the FBI. The agency's infiltration of REvil's servers and subsequent release of a decryption key marked the beginning of the end for the group. Despite Shchukin's attempts to remain elusive, evidence from crime forums and image comparisons has linked him to the criminal activities.

Currently believed to reside in Krasnodar, Russia, Shchukin remains a fugitive, with authorities suspecting he may travel abroad. His connection to the hacker identity 'Ger0in' further highlights his long-standing involvement in cybercrime, dating back to 2010. The revelations about Shchukin's role in these ransomware operations underscore the ongoing challenges in combating cybercrime on a global scale.

Key Concepts

Ransomware

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. It typically encrypts the victim's files, making them inaccessible until the ransom is paid. In a double extortion scheme, the operators also steal data before encrypting it and threaten to publish that data unless the victim pays.

Cybercrime

Cybercrime refers to criminal activities carried out using computers or the internet. It includes a wide range of offenses, from hacking and data theft to online fraud and extortion.

Summarized by Mente