196/69 Wednesday, April 8, 2026

Germany’s Federal Criminal Police Office (BKA) has successfully identified the individuals behind the notorious global ransomware operations GandCrab and REvil, which caused widespread damage between 2019 and 2021. The primary suspects are Daniil Maksimovich Shchukin (alias “UNKN”) and Anatoly Sergeevitsch Kravchuk, both Russian nationals. Investigations revealed that the pair were involved in ransomware attacks against at least 130 companies in Germany, causing damages exceeding $40 million. At least 25 victims paid ransoms totaling more than $2.2 million, which were transferred directly to cryptocurrency wallets controlled by the group.
Back in mid-2019, the GandCrab group shocked the cybersecurity community by announcing its “retirement” on underground forums, claiming it had generated over $2 billion in revenue for its network, with its leaders earning more than $150 million in profit. The group stated that the funds had already been laundered into legitimate businesses both online and offline. However, experts believe this “retirement” was merely a rebranding strategy, transitioning into the REvil (also known as Sodinokibi) operation. REvil adopted a ransomware-as-a-service (RaaS) model, sharing profits with affiliates and launching major global supply chain attacks, including high-profile incidents involving Acer and Kaseya, which impacted over 1,500 downstream organizations.
German authorities have now added Shchukin and Kravchuk to the European Union’s Most Wanted list, releasing their photos and distinctive tattoos to aid in identification. While some REvil members were previously arrested in Russia, the two alleged leaders are believed to still be residing there. The BKA is actively seeking international cooperation and public assistance to locate and bring these high-profile cybercriminals, among the most influential in ransomware history, to justice.
