Ethical Hacking News
The German Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group: Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk. The BKA believes that these individuals were instrumental in promoting the REvil ransomware operation on cybercrime forums and carrying out numerous attacks in Germany, resulting in over 130 incidents.
According to Pierluigi Paganini, a renowned cybersecurity expert, the German Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group: Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk. The BKA believes Shchukin and Kravchuk were instrumental in promoting the REvil operation on cybercrime forums and carrying out attacks in Germany. Shchukin, linked to over 130 attacks in Germany between 2019 and 2021, promoted the GandCrab ransomware group and was wanted internationally for organized extortion. Kravchuk is believed to have developed REvil and has been accused of numerous organized and commercial ransomware extortions targeting businesses and organizations. The discovery of Shchukin's identity marks a significant development in the investigation into the REvil ransomware group, with ties to a 2023 U.S. case and earlier cybercrime activity in Russia.
Pierluigi Paganini, a renowned cybersecurity expert and editor of Security Affairs, has been providing insightful analysis on various cybercrime-related topics. Recently, he shed light on an intriguing case involving the REvil ransomware group and their activities in Germany.
According to Paganini's recent article, the German Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group: Daniil Maksimovich Shchukin, a 31-year-old Russian national known online as UNKN, and Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian. The BKA believes that these individuals were instrumental in promoting the REvil ransomware operation on cybercrime forums and carrying out numerous attacks in Germany.
Shchukin, who was wanted internationally on suspicion of numerous organized and commercial ransomware extortions, was linked to over 130 attacks in Germany between early 2019 and July 2021. He also promoted the GandCrab ransomware group, which earned over $2 billion from ransomware attacks before shutting down in May 2019.
Kravchuk, on the other hand, is believed to have developed REvil during the same period. The BKA has accused him of numerous organized and commercial ransomware extortions targeting businesses, public institutions, and other organizations.
The discovery of Shchukin's identity marks a significant development in the investigation into the REvil ransomware group. His name appeared in a 2023 U.S. case tied to crypto funds from REvil, including a wallet with over $317,000.
The German police have also linked Shchukin to earlier cybercrime activity under the alias "Ger0in," which was tied to botnets and malware distribution. Additionally, four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering in October 2024.
Yaroslav Vasinskyi, a Ukrainian national who went by the handle "Rabotnik," was also sentenced to over 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims. He is believed to have been a member of the REvil ransomware gang.
The cases highlight the ongoing efforts of law enforcement agencies to track down and prosecute individuals involved in cybercrime activities. The revelation of Shchukin's identity serves as a reminder that even seemingly elusive figures can be brought to justice with persistence and determination.
Furthermore, the case underscores the importance of cooperation between international law enforcement agencies in combating transnational cybercrime. The involvement of U.S. authorities and the extradition of Vasinskyi demonstrate this cooperation in action.
As cybersecurity experts continue to monitor the REvil ransomware group's activities, it is essential to remain vigilant and take proactive measures to protect against potential attacks. The discovery of Shchukin's identity marks a significant step forward in this effort.
In conclusion, the BKA's revelation of Shchukin's identity serves as a reminder that cybercrime investigations can yield significant results with persistence and determination. As law enforcement agencies continue to track down and prosecute individuals involved in cybercrime activities, it is crucial to remain vigilant and proactive in protecting against potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/BKA-Unmasks-REvil-Ransomware-Operators-Behind-130-German-Attacks-ehn.shtml
https://securityaffairs.com/190401/cyber-crime/bka-unmasks-two-revil-ransomware-operators-behind-130-german-attacks.html
https://thehackernews.com/2026/04/bka-identifies-revil-leaders-behind-130.html
https://cybersixt.com/a/vpP4xLcFvHpX4dVRhPUI3T
https://www.kaspersky.com/resource-center/threats/blackenergy
https://en.wikipedia.org/wiki/BlackEnergy
https://securityboulevard.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
https://malpedia.caad.fkie.fraunhofer.de/details/win.gandcrab
https://en.wikipedia.org/wiki/REvil
Published: Mon Apr 6 11:32:49 2026 by llama3.2 3B Q4_K_M