Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
German Authorities Identify REvil Ransomware Chief

German Authorities Identify REvil Ransomware Chief

Posted on April 7, 2026 By CWS

The German Federal Criminal Police Office (BKA) has publicly identified a Russian individual as the central figure in the notorious GandCrab and REvil ransomware schemes. This revelation marks a significant step in the ongoing battle against cybercrime.

Key Player Unveiled

According to a recent announcement by law enforcement, Daniil Maksimovich Shchukin, a 31-year-old from Krasnodarskiy, Russia, is alleged to have spearheaded these ransomware operations from early 2019 until mid-2021. The BKA’s findings highlight Shchukin’s extensive involvement in cyber extortion, implicating him in 130 attempts, 25 of which resulted in ransom payments exceeding $2 million. The total damage caused by these activities is estimated to surpass $40 million.

Collaborative Cyber Threat

Shchukin did not act alone. The criminal operations also involved other individuals, including Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian national. Together, they targeted a wide range of victims, from businesses to public institutions, leveraging the ransomware-as-a-service (RaaS) model. GandCrab, which appeared in early 2018, was reported to generate over $150 million annually before its closure in mid-2019.

Transition to REvil

As GandCrab was winding down, REvil, also known as Sodinokibi, emerged as its successor, quickly gaining notoriety. In late 2021, law enforcement agencies managed to seize the servers associated with REvil, leading to the arrest of seven individuals connected to both ransomware operations. The crackdown continued into 2022, with Russian authorities detaining several suspects linked to REvil, and by 2024, four members were sentenced to prison.

The BKA’s statement suggests that Shchukin, who is also known by aliases such as Oneiilk2 and UNKN, remains in Russia. His name has surfaced in various legal documents, including a Department of Justice complaint related to the seizure of cryptocurrency obtained through REvil’s illegal activities. Cybersecurity expert Brian Krebs highlighted Shchukin’s involvement during a talk in Germany.

Ongoing Cybersecurity Challenges

This case underscores the persistent challenges law enforcement faces in tackling sophisticated cybercrime networks. As authorities continue their efforts to dismantle these operations, the identification of key figures like Shchukin provides critical insights into the mechanisms of cybercrime. The international community remains vigilant, aiming to prevent future attacks and hold perpetrators accountable.

Security Week News Tags:BKA, Cybercrime, Cybersecurity, Extortion, GandCrab, German police, law enforcement, ransomware-as-a-service, REvil ransomware, Russian hacker

Post navigation

Previous Post: GPUBreach Exploit Elevates CPU Privileges via GPU Memory
Next Post: Iranian Hackers Target Microsoft 365 with Password Attacks

Related Posts

Exploits, Technical Details Released for CitrixBleed2 Vulnerability Exploits, Technical Details Released for CitrixBleed2 Vulnerability Security Week News
Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries Security Week News
Urgent Replacement of Discontinued Edge Devices Advised Urgent Replacement of Discontinued Edge Devices Advised Security Week News
Password Managers at Risk: Vaults Susceptible to Attacks Password Managers at Risk: Vaults Susceptible to Attacks Security Week News
NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data Security Week News
LinkedIn Under Scrutiny: Allegations of Privacy Invasion LinkedIn Under Scrutiny: Allegations of Privacy Invasion Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark