German authorities have officially unmasked two high-ranking members of the notorious REvil ransomware gang after an extensive investigation by the Federal Criminal Police Office. The identified individuals, Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk, are accused of spearheading over 130 cyberattacks in Germany that caused tens of millions of dollars in financial damages.
The investigation led by the Bundeskriminalamt reveals that Daniil Maksimovich Shchukin, a 31-year-old Russian national, operated under the online alias UNKN. As a central representative for the group, Shchukin was responsible for recruiting affiliates on cybercrime forums and marketing the ransomware-as-a-service model starting in 2019. Before leading REvil, he was also linked to the GandCrab ransomware operation, eventually transitioning from a life of poverty to becoming a millionaire through digital extortion.
Joining Shchukin on the wanted list is 43-year-old Anatoly Sergeevitsch Kravchuk, who is believed to have been a primary developer for the REvil software. Law enforcement officials allege that Kravchuk provided the technical foundation necessary for the group to encrypt the systems of major global corporations. Together, these two individuals are considered the architects of a criminal enterprise that demanded massive payouts in exchange for decryption keys and the promise not to leak stolen sensitive data.
The impact of their operations was felt heavily across Germany, where at least 130 separate attacks have been attributed to the duo. Only 25 of these victims chose to pay, with ransoms totaling nearly 2 million euros, but the broader economic fallout was much more severe. The BKA estimates that the total financial damage resulting from system downtime, data recovery, and incident response exceeded 35 million euros for German entities alone.
REvil gained international notoriety for high-profile hits on companies like JBS and Kaseya before law enforcement pressure forced the group to dismantle its infrastructure. Although the group attempted several reboots and faced arrests by both Romanian authorities and the Russian FSB, the core leadership remained largely anonymous until this recent breakthrough. Several lower-level members have already been sentenced to prison terms, but the identification of Shchukin and Kravchuk represents a significant escalation in holding the group's top tier accountable.
The unmasking of UNKN brings a definitive end to the mystery surrounding one of the most vocal figures in the underground cybercrime world. Despite his claims of starting in the industry as early as 2007 and managing dozens of affiliates, the digital trail eventually led investigators back to his real-world identity. This development marks a pivotal moment for international law enforcement as they continue to map out and dismantle the hierarchies of global ransomware syndicates.
Source: https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/CC_BW/DMS/Sachverhalt.html


