Top Highlights
- Germany’s Federal Criminal Police Office (BKA) identified two key figures behind the REvil ransomware group, Daniil Maksimovich Shchukin (alias UNKN) and Anatoly Kravchuk, responsible for multiple attacks and ransom demands.
- Shchukin and Kravchuk allegedly carried out 130 ransomware attacks worldwide, demanding €1.9 million and causing over €35.4 million in damages.
- REvil, a notorious ransomware gang evolving from GandCrab, went offline in mid-2021, with law enforcement arrests in Romania and Russia disrupting operations.
- UNKN, once a leading figure, disappeared amid law enforcement actions, with reports of his lengthy ransomware career and a rise from poverty to millionaire status.
Authorities Reveal the Leaders of REvil Ransomware
Germany’s Federal Criminal Police Office (BKA) has uncovered the identities of two key figures behind the notorious REvil ransomware group. This group, which targeted numerous companies, had previously operated in secret. One of the individuals, known online as UNKN, was responsible for promoting the ransomware in 2019. Now identified as 31-year-old Daniil Maksimovich Shchukin, he played a leading role from early 2019 until mid-2021. Shchukin worked with others to run one of the largest ransomware groups, demanding hefty ransom payments for decrypting data and preventing leaks. The second suspect, Anatoly Sergeevitsch Kravchuk, is believed to have developed the REvil malware during the same time. Both suspects are linked to 130 attacks across Germany, resulting in more than €35.4 million in damages. Notably, 25 of these attacks led to nearly €1.9 million in ransom payments. This discovery marks a significant breakthrough in tracing the leadership of a cybercrime operation that caused widespread financial harm.
Law Enforcement Efforts Disrupt Major Cybercriminal Network
REvil, also known as Water Mare and Gold Southfield, was a powerful ransomware group responsible for attacks on high-profile companies like JBS and Kaseya. The group evolved from GandCrab ransomware but mysteriously went offline in mid-2021. Shortly afterward, law enforcement agencies worldwide moved to dismantle it. In October 2021, Russian authorities arrested several REvil members and shut down its operations, which was rare for such cybercriminal groups. By January 2022, Russia’s Federal Security Service announced further arrests of REvil members, with some facing years in prison. Meanwhile, the group’s online presence vanished, and its public face changed. The authorities’ actions reflect growing efforts to combat cybercrime and bring cybercriminal leaders to justice. These developments remind us that while these gangs operate in the shadows, law enforcement continues to advance in exposing and stopping them, contributing to a safer digital environment.
