Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab
- #investigation
- #ransomware
- #cybercrime
- German authorities identify UNKN as Daniil Maksimovich Shchukin, a Russian national, linking him to ransomware groups GandCrab and REvil.
- Shchukin and accomplices extorted nearly 2 million euros from German victims, causing over 35 million euros in economic damage.
- GandCrab and REvil pioneered 'double extortion' tactics, demanding payments for decryption keys and to prevent data leaks.
- Shchukin held over $317,000 in cryptocurrency from REvil proceeds, as noted in a U.S. Justice Department seizure request.
- GandCrab shut down in 2019 after extorting over $2 billion, boasting of its success in a farewell message.
- REvil emerged around GandCrab's demise, led by UNKN, who claimed a rags-to-riches background and reinvested earnings to improve ransomware operations.
- REvil targeted high-revenue organizations; its 2021 Kaseya hack led to FBI infiltration and the release of a free decryption key.
- Shchukin is suspected to reside in Krasnodar, Russia, and may travel internationally.
- Investigations connect Shchukin to an earlier hacker identity, 'Ger0in', active in botnets from 2010 to 2011, though not directly tied to UNKN's forum accounts.
- BKA mugshots matched Shchukin to a 2023 birthday celebration photo online, confirming his appearance.