GandCrab-to-REvil ransomware ecosystem succession
Threat Actor MetaFirst reported
Last updated
Happening score
H score
18
Summary
Hide ▲
Show ▼
The GandCrab ransomware ecosystem carried its affiliate model into REvil, helping a successor crew scale extortion through cybercriminal partnerships.
Timeline
-
07.04.2026 02:54 2 articles · 1mo ago
BKA identifies GandCrab and REvil leaders
Attribution UpdateGerman Federal Police identified Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk as the leaders behind GandCrab and REvil, tying the ransomware succession to GandCrab's early-2018 start, its leader's June 2019 retirement, and REvil's emergence soon after with an affiliate model that carried through at least July 2021.
Show sources
- German authorities identify REvil and GandCrab ransomware bosses — www.bleepingcomputer.com — 07.04.2026 02:54
- German authorities identify REvil and GandCrab ransomware bosses — www.bleepingcomputer.com — 07.04.2026 02:54