Germany’s Federal Criminal Police Office (BKA) has identified key individuals behind the notorious REvil ransomware operation. The group, known for its extensive ransomware-as-a-service activities, has been linked to numerous cyberattacks.
Unmasking the Masterminds
The BKA has revealed that the main actor behind the alias UNKN is Daniil Maksimovich Shchukin, a 31-year-old Russian national. Shchukin, also known by various online names such as Oneiilk2 and GandCrab, was instrumental in promoting the ransomware on cybercrime forums since June 2019. This breakthrough was reported by Brian Krebs, a well-known security journalist.
In conjunction with Shchukin, Anatoly Sergeevitsch Kravchuk, a 43-year-old from Makiivka, Ukraine, was identified as a major developer of the REvil ransomware. Both individuals are accused of orchestrating 130 ransomware incidents across Germany, leading to significant financial losses.
The Impact of REvil’s Operations
Out of the 130 attacks attributed to Shchukin and Kravchuk, 25 resulted in ransom payments totaling €1.9 million ($2.19 million). The overall financial damage from these attacks exceeded €35.4 million ($40.8 million). REvil, also known as Water Mare and Gold Southfield, was notorious for targeting large corporations such as JBS and Kaseya.
The ransomware group’s roots trace back to GandCrab, another infamous e-crime syndicate. Although REvil mysteriously went offline in July 2021, it briefly resurfaced before being dismantled through international law enforcement efforts by October of the same year.
Law Enforcement’s Global Crackdown
Russian authorities arrested several REvil members in January 2022, neutralizing their operations. By October 2024, four members had been sentenced to prison, as reported by Kommersant.
The individual known as UNKN vanished from cybercrime platforms during this period, and another member, known as 0_neday, took over as the group’s public representative. In an interview, UNKN had disclosed his long-standing involvement in ransomware activities, dating back to 2007, and mentioned having numerous affiliates within the group.
The exposure and subsequent arrests of these key players mark a pivotal moment in the ongoing battle against global cybercrime, underscoring the importance of international cooperation in tackling such threats.