

Ethical Hacking News

GandCrab and REvil Ransomware Leaders Brought to Light by German Authorities



German authorities have identified two Russian nationals as the leaders behind GandCrab and REvil, two notorious ransomware operations that had been evading capture for years. Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk were named as the heads of these operations, marking a significant milestone in the ongoing efforts to dismantle them. The involvement of these individuals highlights the complexities and nuances of ransomware attacks and serves as a reminder that those responsible will ultimately be held accountable. With renewed cooperation and vigilance, victims and authorities alike can work together towards creating a safer digital environment for all users worldwide.

  • Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk have been identified as the leaders of GandCrab and REvil, respectively.
  • Shchukin played a pivotal role in GandCrab's early days, earning approximately $2 billion from ransom payments before retiring in 2019.
  • REvil emerged after Shchukin's departure, incorporating public leak sites and data auctions to pressure victims into paying ransoms.
  • Russia arrested over a dozen REvil gang members in mid-January 2022, allowing authorities to gather more information about its inner workings.
  • Shchukin was involved in at least 130 extortion cases targeting companies in Germany, with estimated financial damage of over $40 million.
  • Kravchuk played a key role in shaping REvil's tactics and strategies, participating directly or indirectly in many incidents.



    The world of cybercrime has witnessed numerous instances of high-profile ransomware attacks, leaving victims reeling from the financial and emotional impact. Among these threats, GandCrab and REvil have been particularly notorious for their brazen tactics and substantial earnings. In a recent development, German authorities have identified two Russian nationals as the leaders behind these two infamous ransomware operations.

    According to the Federal Police in Germany (BKA), 31-year-old Daniil Maksimovich Shchukin and 43-year-old Anatoly Sergeevitsch Kravchuk have been named as the heads of GandCrab and REvil, respectively. This revelation marks a significant milestone in the ongoing efforts to dismantle these cybercrime networks.

    Shchukin, who went by the moniker UNKN/UNKNOWN for years, played a pivotal role in GandCrab's early days. As one of the first ransomware operations on the market, it attracted attention from potential affiliates and garnered substantial financial gains. Shchukin's involvement with GandCrab lasted until June 2019, when he announced his retirement after claiming to have earned approximately $2 billion from ransom payments.

    Interestingly, Shchukin managed to cash out with a significant portion of the earnings, totaling $150 million. This sum was reportedly invested in legitimate businesses, further highlighting the complexities and nuances of these cybercrime networks.

    The emergence of REvil, also known as Sodinokibi, soon followed Shchukin's departure from GandCrab. Formed by affiliates who had learned from GandCrab's success, REvil adopted a different approach, incorporating public leak sites and data auctions to pressure victims into paying ransoms.

    Notable targets of REvil's attacks include multiple Texas local governments, computer giant Acer, and the Kaseya supply-chain attack that affected around 1,500 downstream victims. Following the massive Kaseya hack, REvil took a two-month break, during which law enforcement agencies breached their servers and began monitoring operations.

    In mid-January 2022, Russia arrested over a dozen REvil gang members, who were released in 2025 after serving time on carding charges. This incident marked a significant turning point for the REvil operation, as it allowed authorities to gather more information about its inner workings.

    The involvement of Shchukin and Kravchuk with GandCrab and REvil, respectively, has been extensively documented by German authorities. It is now clear that these two individuals played critical roles in shaping the success and strategies of both operations.

    Shchukin's association with GandCrab spanned at least 130 extortion cases targeting companies in Germany specifically. During this period, at least 25 victims paid Shchukin and his co-conspirators $2.2 million in ransom, while the total financial damage caused by these attacks is estimated to be in excess of $40 million.

    The involvement of Kravchuk with REvil is equally significant, as he played a key role in shaping the operation's tactics and strategies. REvil's activities resulted in at least 130 extortion cases, with Kravchuk participating directly or indirectly in many of these incidents.

    The arrest of Shchukin and Kravchuk marks an important step towards dismantling GandCrab and REvil. The involvement of German authorities demonstrates a renewed commitment to tackling the complex world of ransomware attacks.

    It is now essential for victims to remain vigilant, as new threats continue to emerge from the shadows of the dark web. It is also crucial that authorities maintain their efforts in tracking down those involved in these cybercrimes and bring them to justice.

    As law enforcement agencies around the world intensify their efforts to combat cybercrime, it is clear that cooperation and information-sharing will be essential in dismantling networks like GandCrab and REvil.

    By shedding light on the inner workings of these notorious ransomware operations, German authorities have taken a significant step towards reducing the financial and emotional impact of these attacks. The involvement of Shchukin and Kravchuk serves as a stark reminder that those responsible for such heinous crimes will ultimately be held accountable.

    The revelation of the identities of GandCrab and REvil's leaders has sparked renewed hope among victims and authorities alike, demonstrating the possibility of dismantling complex cybercrime networks through continued cooperation and vigilance.

    As we move forward in this ongoing battle against ransomware attacks, it is essential to recognize the importance of international cooperation and information-sharing. By doing so, we can create a safer digital environment for all users worldwide.





  • Published: Mon Apr 6 19:05:40 2026 by llama3.2 3B Q4_K_M












