Germany identifies two alleged REvil leaders behind 130 ransomware attacks

Germany’s Federal Criminal Police Office has identified two alleged REvil ransomware figures in connection with 130 attacks across Germany, including cases that caused more than €35.4 million in financial damage and led to €1.9 million in ransom payments in 25 incidents.

KEY FACTS

  • Suspects: Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk were added to the wanted list.
  • Roles: Shchukin is accused of acting as a representative and leader, while Kravchuk is alleged to have been a developer.
  • Scope: The cases involved 130 ransomware attacks in Germany.
  • Impact: Authorities said 25 cases led to €1.9 million in payments and total damage topped €35.4 million.

A wanted notice from the Federal Criminal Police Office said Shchukin, a 31-year-old Russian national, used several online aliases, including UNKN and GandCrab. The disclosure said he advertised the ransomware on a cybercrime forum in June 2019.

Kravchuk, 43, was born in the Ukrainian city of Makiivka and is also suspected of being involved during the same period. The report said the two men were associated with the group from early 2019 at the latest until at least July 2021.

REvil, also known as Sodinokibi, was one of the most active ransomware groups before it went offline in 2021 and later stopped operating. The article said the gang had targeted companies including JBS and Kaseya, and that law enforcement actions followed in several countries.

UNKN later disappeared from cybercrime forums, and another figure became the public face of the group. In a 2021 interview, he said he had been in ransomware since 2007 and claimed the group had up to 60 affiliates at one point.

WHY IT MATTERS

The identification adds a new public step in long-running efforts to map REvil’s leadership and organization. It also underscores the financial scale of ransomware operations that can generate large losses even when authorities disrupt the group.