Identification of key leadership behind GandCrab and REvil ransomware operations by German authorities

1 unique source, 1 article

Summary


German Federal Police (BKA) announced the identification of two Russian nationals, Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk, as the leaders of the GandCrab and REvil ransomware operations between at least early 2019 and July 2021. The duo is linked to at least 130 extortion cases targeting German companies, with 25 victims reportedly paying $2.2 million in ransoms, while total financial damage exceeded $40 million. Shchukin operated under the alias UNKN/UNKNOWN on cybercrime forums, representing the ransomware groups during their active periods.

Timeline

  1. 07.04.2026 02:54 · 1 article

    Identification of GandCrab and REvil leadership by German authorities

    German Federal Police (BKA) publicly identified Russian nationals Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk as the leaders of GandCrab and REvil ransomware operations active between at least early 2019 and July 2021. The announcement follows investigations into at least 130 extortion cases targeting German companies, with evidence of 25 ransom payments totaling $2.2 million and estimated financial damage exceeding $40 million.


Information Snippets

  • Daniil Maksimovich Shchukin (31 years old) and Anatoly Sergeevitsch Kravchuk (43 years old) identified as leaders of GandCrab and REvil operations spanning from at least early 2019 to July 2021.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • Shchukin, operating under the aliases UNKN/UNKNOWN, served as a visible representative of the ransomware groups on cybercrime forums.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • At least 130 extortion cases linked to Shchukin and Kravchuk targeted companies in Germany, with 25 victims paying $2.2 million in ransom demands.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • Total financial damage attributed to the operations is estimated to exceed $40 million.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • GandCrab, launched in early 2018, claimed earnings of $2 billion in ransom payments before its leader retired in June 2019, reportedly retaining $150 million invested in legal businesses.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • REvil emerged following GandCrab’s model, adopting affiliate structures, public leak sites, and data auctions to pressure victims. Notable incidents include attacks on Texas local governments, Acer, and the Kaseya supply-chain compromise affecting approximately 1,500 downstream victims.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • Following the Kaseya attack, REvil took a two-month operational break during which law enforcement infiltrated and monitored their infrastructure, leading to multiple disruptions.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • In January 2022, Russian authorities arrested over a dozen REvil members, who were released in 2025 after serving time for carding-related charges.

    First reported: 07.04.2026 02:54
    1 source, 1 article
  • The BKA states that both identified individuals are believed to be in Russia and has requested public assistance in locating them, including through entries added to the EU’s Most Wanted portal.

    First reported: 07.04.2026 02:54
    1 source, 1 article