Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
BKA Unveils Key Figures in REvil Ransomware Operations

BKA Unveils Key Figures in REvil Ransomware Operations

Posted on April 6, 2026 By CWS

Germany’s Federal Criminal Police Office (BKA) has successfully identified key individuals behind the notorious REvil ransomware operation. This group, known for its extensive ransomware-as-a-service activities, has been linked to numerous cyberattacks.

Unmasking the Masterminds

The BKA has revealed that the main actor behind the alias UNKN is Daniil Maksimovich Shchukin, a 31-year-old Russian national. Shchukin, also known by various online names such as Oneiilk2 and GandCrab, was instrumental in promoting the ransomware on cybercrime forums since June 2019. This breakthrough was reported by Brian Krebs, a well-known security journalist.

In conjunction with Shchukin, Anatoly Sergeevitsch Kravchuk, a 43-year-old from Makiivka, Ukraine, was identified as a major developer of the REvil ransomware. Both individuals are accused of orchestrating 130 ransomware incidents across Germany, leading to significant financial losses.

The Impact of REvil’s Operations

Out of the 130 attacks attributed to Shchukin and Kravchuk, 25 resulted in ransom payments totaling €1.9 million ($2.19 million). The overall financial damage from these attacks exceeded €35.4 million ($40.8 million). REvil, also known as Water Mare and Gold Southfield, was notorious for targeting large corporations such as JBS and Kaseya.

The ransomware group’s roots trace back to GandCrab, another infamous e-crime syndicate. Although REvil mysteriously went offline in July 2021, it briefly resurfaced before being dismantled through international law enforcement efforts by October of the same year.

Law Enforcement’s Global Crackdown

In a significant development, Russian authorities arrested several REvil members in January 2022, neutralizing their operations. By October 2024, four members had been sentenced to prison, as reported by Kommersant.

The individual known as UNKN vanished from cybercrime platforms during these operations, leading to another member, known as 0_neday, taking over as the group’s public representative. In an interview, UNKN disclosed his long-standing involvement in ransomware activities, dating back to 2007, and mentioned having numerous affiliates within the group.

The exposure and subsequent arrests of these key players mark a pivotal moment in the ongoing battle against global cybercrime, underscoring the importance of international cooperation in tackling such threats.

The Hacker News Tags:Anatoly Sergeevitsch Kravchuk, BKA, cyber threat, Cyberattack, Cybercrime, Cybersecurity, Daniil Maksimovich Shchukin, data breach, financial crime, GandCrab, Germany, Hacking, law enforcement, Ransomware, REvil

Post navigation

Previous Post: ResokerRAT Exploits Telegram API for Covert Control on Windows
Next Post: AI-Driven Penetration Testing Tool Enhances Linux Security

Related Posts

Langflow Security Flaw Enables Unauthenticated Access Langflow Security Flaw Enables Unauthenticated Access The Hacker News
30,000 Facebook Accounts Hacked in Phishing Scam 30,000 Facebook Accounts Hacked in Phishing Scam The Hacker News
Beware the Hidden Risk in Your Entra Environment Beware the Hidden Risk in Your Entra Environment The Hacker News
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands The Hacker News
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet The Hacker News
How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark