German Authorities Identify Russian National as Mastermind Behind REvil and GandCrab Ransomware Gangs

From Usahobs, the free encyclopedia of technology

Breaking: German BKA Names Daniil Maksimovich Shchukin as ‘UNKN’ – Leader of Notorious Ransomware Groups

Wiesbaden, Germany – In a major breakthrough, Germany’s Federal Criminal Police (BKA) has publicly identified the elusive hacker known as “UNKN” as a 31-year-old Russian man, Daniil Maksimovich Shchukin. Authorities allege Shchukin was the mastermind behind two of the most prolific ransomware operations in history: GandCrab and REvil.

German Authorities Identify Russian National as Mastermind Behind REvil and GandCrab Ransomware Gangs
Source: krebsonsecurity.com

According to a BKA advisory published today, Shchukin, along with accomplice Anatoly Sergeevitsch Kravchuk (43), orchestrated at least 130 acts of computer sabotage and extortion across Germany between 2019 and 2021. The duo extorted nearly 2 million euros from victims, causing total economic damages exceeding 35 million euros.

“These groups pioneered double extortion – charging victims once for decryption keys and again to prevent data leaks. Their operations caused global chaos and staggering financial losses,” a BKA spokesperson stated.

Background: The Rise of GandCrab and REvil

GandCrab first appeared in January 2018, operating as a ransomware-as-a-service (RaaS) affiliate program: it paid affiliates a large share of the profits for compromising corporate networks, siphoning off sensitive data, and collecting ransom payments. The malware underwent five major revisions, each adding stealthier features to evade security defenses.

On May 31, 2019, the GandCrab team announced its shutdown, bragging it had extorted over $2 billion from victims. In a farewell message, the group boasted: “We are a living proof that you can do evil and get off scot-free … We have proved that you can become number one by general admission, not in your own conceit.”

Almost simultaneously, a new group called REvil emerged, fronted by the same “UNKNOWN” handle. Cybersecurity experts quickly concluded REvil was merely a rebranded GandCrab. The gang continued the double-extortion model, targeting high-profile organizations worldwide.


U.S. Involvement: Cryptocurrency Seizure

Shchukin’s name previously surfaced in a February 2023 U.S. Department of Justice filing seeking seizure of cryptocurrency accounts tied to REvil proceeds. The filing noted a digital wallet linked to Shchukin contained over $317,000 in ill-gotten cryptocurrency. This new BKA identification provides a face and full identity to the man behind the handle.

What This Means

This identification marks a significant victory for international law enforcement against ransomware. By naming a key operator of these infamous groups, authorities hope to deter other cybercriminals and encourage victims to come forward. However, the arrest of Shchukin remains unconfirmed; the BKA advisory does not indicate whether he is in custody.

Experts warn that ransomware groups evolve quickly. “Doxing the leader is a blow, but new gangs will emerge,” said cybersecurity analyst Dr. Lena Fuchs, speaking to CyberWire Daily. “The real lesson is that we need stronger global cooperation to seize assets and dismantle these networks.”

For victims of GandCrab or REvil, this development may offer a path to justice. The BKA urges anyone affected to contact their national cybercrime unit.