The German Federal Criminal Police Office (BKA) has publicly identified a Russian individual as the central figure in the notorious GandCrab and REvil ransomware schemes. This revelation marks a significant step in the ongoing battle against cybercrime.
Key Player Unveiled
According to a recent announcement by law enforcement, Daniil Maksimovich Shchukin, a 31-year-old from Krasnodarskiy, Russia, is alleged to have spearheaded these ransomware operations from early 2019 until mid-2021. The BKA’s findings highlight Shchukin’s extensive involvement in cyber extortion, implicating him in 130 attempts, 25 of which resulted in ransom payments exceeding $2 million. The total damage caused by these activities is estimated to surpass $40 million.
Collaborative Cyber Threat
Shchukin did not act alone. The criminal operations also involved other individuals, including Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian national. Together, they targeted a wide range of victims, from businesses to public institutions, leveraging the ransomware-as-a-service (RaaS) model. GandCrab, which appeared in early 2018, was reported to generate over $150 million annually before its closure in mid-2019.
Transition to REvil
As GandCrab was winding down, REvil, also known as Sodinokibi, emerged as its successor, quickly gaining notoriety. In late 2021, law enforcement agencies managed to seize the servers associated with REvil, leading to the arrest of seven individuals connected to both ransomware operations. The crackdown continued into 2022, with Russian authorities detaining several suspects linked to REvil, and by 2024, four members were sentenced to prison.
The BKA’s statement suggests that Shchukin, who is also known by aliases such as Oneiilk2 and UNKN, remains in Russia. His name has surfaced in various legal documents, including a Department of Justice complaint related to the seizure of cryptocurrency obtained through REvil’s illegal activities. Cybersecurity expert Brian Krebs highlighted Shchukin’s involvement during a talk in Germany.
Ongoing Cybersecurity Challenges
This case underscores the persistent challenges law enforcement faces in tackling sophisticated cybercrime networks. As authorities continue their efforts to dismantle these operations, the identification of key figures like Shchukin provides critical insights into the mechanisms of cybercrime. The international community remains vigilant, aiming to prevent future attacks and hold perpetrators accountable.
