

Ethical Hacking News

The Unmasking of REvil: A Glimpse into the Dark World of Ransomware


German authorities have identified REvil leader Daniil Maksimovich Shchukin, 31, as "UNKN", behind over 130 ransomware attacks in Germany and worldwide, resulting in €35 million in damages. The move marks a significant breakthrough in the global fight against cybercrime.

  • Daniil Maksimovich Shchukin, a 31-year-old Russian national, has been identified as the mastermind behind REvil, a notorious ransomware-as-a-service (RaaS) operation.
  • Shchukin was instrumental in developing REvil's ransomware tools and carried out many of the attacks that resulted in payment demands from organizations.
  • The German Federal Criminal Police Office (BKA) has unmasked Shchukin, marking a significant turning point in the investigation into REvil.
  • Shchukin was involved in over 130 ransomware attacks across Germany alone, with estimated financial damage of €35 million.
  • The arrest of two individuals for their roles as affiliates of the REvil ransomware family is a significant milestone in the global push against cybercrime.



    The dark web, a realm of anonymity and deception, has long been a haven for malicious actors seeking to wreak havoc on an unsuspecting world. Among the many nefarious groups operating in this domain is REvil, a ransomware-as-a-service (RaaS) operation that has left a trail of destruction in its wake. In recent years, REvil has become one of the most feared and reviled groups in the cybercrime underworld, with a modus operandi that involves extorting large sums of money from organizations in exchange for the promise to restore access to encrypted data.

    However, in a move that can only be described as a significant shift in the cat-and-mouse game between law enforcement and cybercriminals, Germany's Federal Criminal Police Office (BKA) has finally unmasked the real identity of the mastermind behind REvil. According to sources close to the investigation, the individual in question is none other than Daniil Maksimovich Shchukin, a 31-year-old Russian national whom BKA officials have identified as the person behind the alias "UNKN".

    Shchukin's rise to prominence within the REvil organization began several years ago, when he first appeared on cybercrime forums under the moniker "Oneiilk2". From there, it was a steady climb up the ranks, with Shchukin eventually emerging as one of the most prominent figures in the group. His reputation as a ruthless and cunning operator soon earned him the nickname "UNKN", which he used to advertise REvil's services on various online platforms.

    But Shchukin's connection to REvil goes far deeper than simply being a representative of the group. According to sources, he was instrumental in developing some of the ransomware tools used by the organization, and is believed to have played a key role in carrying out many of the attacks that resulted in payment demands from organizations.

    The BKA's decision to unmask Shchukin marks a significant turning point in the investigation into REvil, which has been ongoing for several years. The identification of the mastermind behind the group is likely to be a major blow to those involved, and could potentially lead to further breakthroughs in the case.

    Furthermore, the BKA's efforts have also shed light on the scope and scale of REvil's operations. According to reports, Shchukin was involved in over 130 ransomware attacks across Germany alone, with many more believed to have taken place around the world. The total financial damage resulting from these attacks is estimated to be in excess of €35 million, making it one of the largest ransomware campaigns on record.

    Shchukin's colleague, Anatoly Sergeevitsch Kravchuk, was also named as a suspect involved with REvil. Kravchuk, 43 years old, is suspected of having acted as the developer of REvil during that same time period.

    In an effort to further disrupt the group's operations, law enforcement authorities in Romania announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family just weeks ago. The development marked a significant milestone in the global push against cybercrime and its impact on businesses and individuals alike.

    In recent years, REvil has emerged as one of the most prolific ransomware groups globally, with attacks targeting companies across multiple sectors. Beyond JBS and Kaseya, several other prominent organizations are believed to have been compromised by the group's malicious activities.

    The REvil operation was first discovered in June 2019 on a cybercrime forum, where Shchukin advertised the ransomware services under the alias "UNKN". In an interview with Recorded Future's Dmitry Smilyanets in March 2021, UNKN revealed that he had been involved in the ransomware business since 2007 and claimed to have had as many as 60 affiliates working for the group at one point.

    Shchukin's revelation also shed light on his personal background, including a difficult childhood spent wandering the streets without proper education or food. The stark contrast between Shchukin's impoverished youth and his current status as a high-profile cybercriminal is a chilling reminder of the complexity and depth of the dark web's influence.

    In recent years, there has been an increasing focus on addressing the root causes that drive individuals to engage in illicit activities such as cybercrime. For many, it appears that desperation, lack of access to education or employment opportunities, and exposure to malicious online content all play a role.

    The BKA's efforts in unmasking Shchukin mark a significant turning point in this fight against cybercrime, serving as a warning to those who would seek to exploit the vulnerable in the name of financial gain.

    In conclusion, the revelation of REvil's leader is an important development that highlights the ongoing efforts made by law enforcement agencies around the world to combat cybercrime. It also underscores the need for vigilance and awareness among individuals and businesses alike, as the threat landscape continues to evolve with new and increasingly sophisticated threats emerging on a daily basis.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Unmasking-of-REvil-A-Glimpse-into-the-Dark-World-of-Ransomware-ehn.shtml

  • https://thehackernews.com/2026/04/bka-identifies-revil-leaders-behind-130.html

  • https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/


  • Published: Mon Apr 6 02:48:11 2026 by llama3.2 3B Q4_K_M












