Unmasking "UNKN": German Police Expose Alleged Kingpin Behind REvil and GandCrab Ransomware Empires
German authorities have named Daniil Shchukin as the elusive mastermind of two of the world's most notorious ransomware gangs, marking a rare breakthrough in the fight against cyber extortion.
For years, the hacker known only as "UNKN" was a ghost in the machine - an alias whispered in dark web forums, blamed for cyberattacks that crippled hospitals, factories, and governments. Now, in a dramatic twist, German investigators have pierced the veil, revealing the identity of the man they say ran the infamous GandCrab and REvil ransomware syndicates: 31-year-old Russian national Daniil Maksimovich Shchukin.
According to the German Federal Criminal Police (BKA), Shchukin's alleged reign over GandCrab and its successor REvil marked a turning point in cybercrime history. These groups didn't just steal data - they professionalized ransomware, introducing ruthless business models that reshaped the digital underworld.
The "double extortion" method, which the gangs helped popularize, forced victims into a no-win scenario: pay once to unlock their own files, and pay again to prevent sensitive data from spilling onto the internet. This innovation, combined with a Ransomware-as-a-Service (RaaS) approach - whereby affiliates could license the malware and share profits with its operators - turned GandCrab and REvil into global juggernauts.
From 2018 onward, the groups targeted deep-pocketed organizations, buying stolen network credentials from criminal access brokers and laundering millions through shadowy financial networks. Their attacks were brazen and devastating, culminating in the July 2021 Kaseya breach, which paralyzed over 1,500 companies worldwide. Yet, even as ransom demands soared, law enforcement was closing in. The FBI's covert infiltration of REvil's infrastructure yielded a universal decryption key, freeing victims and signaling the gang's demise.
Despite the identification of Shchukin - currently believed to reside in Krasnodar, Russia - justice remains elusive. Extradition is unlikely, but international agencies continue to freeze assets. In 2023, U.S. authorities seized over $317,000 in cryptocurrency traced to Shchukin's wallets, chipping away at the financial foundations of his empire.
The case marks a rare moment of clarity in a world where cybercriminals thrive on anonymity. By putting a name and face to "UNKN," investigators hope to disrupt the myth of invincibility that shields ransomware operators - and to send a message: no digital fortress is unbreakable.
As ransomware attacks continue to evolve, the exposure of Shchukin is both a victory and a warning. The fight against cybercrime is far from over, but for once, the shadows have thinned - and the world has seen who stands behind the mask.
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- Double Extortion: Double extortion is a ransomware tactic where attackers both encrypt files and steal data, threatening to leak the data if the ransom isn't paid.
- Supply Chain Attack: A supply chain attack is a cyberattack that compromises trusted software or hardware providers, spreading malware or vulnerabilities to many organizations at once.
- Cryptocurrency Seizure: Cryptocurrency seizure is when authorities take control of digital assets, usually by confiscating devices or accounts linked to criminal investigations.