Threat Intel · HIGH

Germany Doxes UNKN - Leader of REvil and GandCrab Gangs

Krebs on Security · Reporting by Brian Krebs
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, a hacker named UNKN has been identified as the leader of two major ransomware groups.

Quick Summary

German authorities have identified Daniil Shchukin, the mastermind behind the notorious REvil and GandCrab ransomware gangs. His actions have caused significant economic damage across Germany, highlighting the ongoing threat of cybercrime. As investigations continue, organizations must enhance their cybersecurity measures.

The Threat

In a significant breakthrough, German authorities have unveiled the identity of the hacker known as UNKN. This individual, Daniil Maksimovich Shchukin, is linked to the REvil and GandCrab ransomware groups, which have been held responsible for over 130 acts of computer sabotage and extortion across Germany between 2019 and 2021.

Who's Behind It

Shchukin, a 31-year-old Russian, is believed to have led these cybercrime organizations, which pioneered the practice of double extortion: charging victims for a key to decrypt their compromised systems and then demanding an additional payment to prevent the publication of stolen data. Alongside Shchukin, another Russian, Anatoly Sergeevitsch Kravchuk, was also implicated; the two are accused of extorting nearly €2 million across multiple cyberattacks.

Tactics & Techniques

The GandCrab ransomware affiliate program emerged in January 2018, letting affiliates deploy the ransomware and take a share of the ransom payments. Shchukin's group claimed to have extorted over $2 billion from victims before announcing its shutdown in May 2019. REvil surfaced shortly afterwards, with Shchukin at the helm, continuing the same model of ransomware-as-a-service operations. The group targeted large organizations and used knowledge of victims' cyber insurance policies to set ransom demands at the maximum the insurer was likely to pay.

Defensive Measures

The German Federal Criminal Police (BKA) has publicly named Shchukin and described his criminal activities. Investigators have also linked him to various cryptocurrency accounts containing over $317,000 in illicit funds. The BKA's advisory serves as a warning to potential victims and highlights the ongoing threat posed by ransomware gangs.

What to Watch

As investigations continue, authorities are focusing on Shchukin's whereabouts, with indications that he may still be in Russia. The BKA's findings underscore the evolving landscape of ransomware, where groups like REvil and GandCrab have set a dangerous precedent for cyber extortion. Cybersecurity experts recommend organizations bolster their defenses and remain vigilant against such threats, especially as ransomware tactics become increasingly sophisticated.

🔒 Pro insight: Shchukin's identification may lead to increased pressure on ransomware affiliates, potentially disrupting ongoing operations within the cybercrime ecosystem.

Original article from Krebs on Security · Brian Krebs
