German authorities identify and disclose UNKN as Daniil Shchukin, alleged leader of GandCrab and REvil ransomware operations

Timeline

1. 06.04.2026 05:07 1 articles · 2h ago

   BKA publicly identifies UNKN as Daniil Shchukin, alleged head of GandCrab and REvil ransomware operations

   The German Federal Criminal Police (BKA) disclosed the identity of UNKN as 31-year-old Daniil Maksimovich Shchukin, linking him to leadership roles in the GandCrab and REvil ransomware groups. Charges allege Shchukin and a co-defendant executed at least 130 attacks in Germany (2019–2021), netting €2 million in extortion from 24 victims while inflicting over €35 million in economic damage. Shchukin’s cryptocurrency wallet contained $317,000+ tied to REvil proceeds, and he is believed to reside in Krasnodar, Russia.

   Show sources

   • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

   Open in new tab

Information Snippets

• German BKA named Daniil Maksimovich Shchukin (age 31) as UNKN, the alleged head of the GandCrab and REvil ransomware groups.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• Shchukin and Anatoly Sergeevitsch Kravchuk (age 43) are accused of executing at least 130 cyberattacks in Germany between 2019 and 2021.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• The duo extorted approximately €2 million from 24 victims, while their attacks caused over €35 million in total economic damage.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• Shchukin’s digital wallet contained over $317,000 in cryptocurrency, linked to REvil ransomware proceeds, per a 2023 U.S. Department of Justice filing.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• Shchukin is from Krasnodar, Russia, and is believed to currently reside in Russia, per BKA assessment.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• GandCrab operated as an affiliate-based ransomware program from January 2018, pioneering double extortion tactics and generating over $2 billion in extortion revenue.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• UNKN publicly announced REvil’s formation on cybercrime forums, depositing $1 million in escrow and later giving an interview describing a rags-to-riches narrative.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• REvil achieved notoriety through ‘big-game hunting’ targeting organizations with annual revenues exceeding $100 million and large cyber insurance policies.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07

• In July 2021, REvil compromised Kaseya, impacting over 1,500 downstream entities, an incident later mitigated by the FBI via a free decryptor.

  First reported: 06.04.2026 05:07
  1 source, 1 article
  Show sources

  • Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab — krebsonsecurity.com — 06.04.2026 05:07