

Ethical Hacking News

The Unmasking of UNKN: The Rise and Fall of a Russian Ransomware Kingpin



German authorities have finally unmasked the elusive hacker known as "UNKN," who was behind two notorious ransomware groups: GandCrab and REvil. 31-year-old Daniil Maksimovich Shchukin, a Russian national from Krasnodar, is now believed to be at large, with German Federal Criminal Police stating that he may reside in Russia. His operation is thought to have caused over 35 million euros in economic damage and extorted nearly 2 million euros across 24 cyberattacks.

  • Daniil Maksimovich Shchukin, a 31-year-old Russian national, has been identified as the head of two notorious ransomware groups: GandCrab and REvil.
  • Shchukin's rise to infamy began in 2018 with the emergence of the GandCrab affiliate program, which paid substantial shares for hacking into user accounts at major corporations.
  • The REvil group was reorganized from the GandCrab team, whose shutdown Shchukin announced in May 2019 after it had extorted over $2 billion from victims.
  • Shchukin was included on the US Justice Department's list of individuals and entities to be seized by the federal government as part of REvil's activities.
  • He is believed to reside in Krasnodar, Russia, where he acted as the head of one of the largest worldwide operating ransomware groups.
  • Shchukin was accused of extorting nearly 2 million euros across two dozen cyberattacks that caused over 35 million euros in total economic damage.



    Germany's Federal Criminal Police (BKA) has finally brought closure to the mystery surrounding the elusive mastermind behind some of the most notorious ransomware groups in recent history. After years of evading detection, the enigmatic hacker known by the handle "UNKN" - later revealed to be 31-year-old Russian national Daniil Maksimovich Shchukin - has been officially identified as the head of two of the largest operating ransomware groups: GandCrab and REvil.

    Shchukin's rise to infamy began in 2018, when the first GandCrab ransomware affiliate program emerged, paying hackers substantial shares for hacking into user accounts at major corporations. This initial success paved the way for a sophisticated network of cybercriminals who specialized in providing "initial access" for malicious actors. As Shchukin's profile continued to grow, he eventually gained notoriety as the leader of REvil, which became infamous for its brazen and high-stakes attacks on high-profile targets.

    A key turning point came in May 2019 when the GandCrab team announced they were shutting down after extorting more than $2 billion from victims. This was followed by the emergence of an unknown hacker who called himself "UNKNOWN," fronting a new ransomware group known as REvil. By this time, many cybersecurity experts had concluded that REvil was nothing more than a reorganization of GandCrab.

    Shchukin's role in both operations led to his inclusion on the United States Justice Department's list of individuals and entities to be seized by the federal government as part of the REvil ransomware gang's activities. The digital wallet tied to Shchukin contained over $317,000 in ill-gotten cryptocurrency.

    Shchukin is believed to reside in Krasnodar, Russia, where he was born. According to German authorities, Shchukin acted as the head of one of the largest worldwide operating ransomware groups. He was accused of extorting nearly 2 million euros across two dozen cyberattacks that caused over 35 million euros in total economic damage.

    In an interview with Dmitry Smilyanets, a former malicious hacker hired by Recorded Future, UNKNOWN described his ascent to success as nothing short of meteoric. "As a child," he boasted, "I scrounged through the trash heaps and smoked cigarette butts." He went on to detail how he eventually became a millionaire, claiming that he reinvested significant earnings into improving his operations and mirroring practices of legitimate businesses.

    The rise of REvil can be seen as part of a broader trend in which cybercrime has become an increasingly lucrative industry. According to recent reports from the cyber intelligence firm Intel 471, "criminals raced to join the booming ransomware economy," with various types of support services emerging to cater to the needs of these groups.

    In particular, REvil became known for its ability to target organizations with more than $100 million in annual revenues and those that had purchased large cyber insurance policies. This approach yielded significant extortion payments from these victims, which helped fuel Shchukin's success as a mastermind behind the group.

    Shchukin's eventual downfall came after REvil was targeted by the FBI in July 2021, when the group hacked into Kaseya, a company that handled IT operations for more than 1,500 businesses, nonprofits, and government agencies. The group ultimately suffered significant losses due to an early compromise of its systems prior to the attack.





  • Published: Sun Apr 5 22:24:53 2026 by llama3.2 3B Q4_K_M












