Germany Doxes 'UNKN,' Head of RU Ransomware Gangs REvil, GandCrab (Krebs on Security)
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

Shchukin was named as UNKN (aka "UNKNOWN") in an advisory published by the German Federal Criminal Police (the Bundeskriminalamt, or BKA for short). The BKA said Shchukin and another Russian, 43-year-old Anatoly Sergeevitsch Kravchuk, extorted nearly 2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.

Daniil Maksimovich SHCHUKIN, aka UNKN, and Anatoly Sergeevitsch Kravchuk, alleged leaders of the GandCrab and REvil ransomware groups.

Germany's BKA said Shchukin acted as the head of "one of the largest worldwide operating ransomware groups," GandCrab and REvil, which pioneered the practice of "double extortion": charging victims once for a key needed to unlock hacked systems, and a separate payment in exchange for a promise not to publish stolen data.

Shchukin's name appeared in a Feb. 2023 filing (PDF) from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities. The government said the digital wallet tied to Shchukin contained more than $317,000 in ill-gotten cryptocurrency.

The GandCrab ransomware affiliate program first surfaced in January 2018, and paid enterprising hackers huge shares of the profits just for hacking into user accounts at major corporations. The GandCrab team would then try to expand that access, often siphoning vast amounts of sensitive and internal documents in the process. The malware's curators shipped five major revisions to the GandCrab code, each corresponding with sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware.

On May 31, 2019, the GandCrab team announced the group was shutting down after extorting more than $2 billion from victims. "We are a living proof that you can do evil and get off scot-free," GandCrab's farewell address famously quipped. "We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit."

The REvil ransomware affiliate program materialized around the same time as GandCrab's demise, fronted by a user named "UNKNOWN" who announced on a Russian cybercrime forum that he'd deposited $1 million in the forum's escrow to show he meant business. By this time, many cybersecurity experts had concluded REvil was little more than a reorganization of GandCrab.

UNKNOWN also gave an interview to Dmitry Smilyanets, a former malicious hacker hired by Recorded Future, wherein UNKNOWN described a rags-to-riches tale unencumbered by ethics and morals.

"As a child, I scrounged through the trash heaps and smoked cigarette butts," UNKNOWN told Recorded Future. "I walked 10 km one way to the school. I wore the same clothes for six months. In my youth, in a communal apartment, I didn't eat for two or even three days. Now I am a millionaire."

As described in The Ransomware Hunting Team by Renee Dudley and Daniel Golden, UNKNOWN and REvil reinvested significant earnings into improving their success and mirroring practices of legitimate businesses. The authors wrote:

"Just as a real-world manufacturer might hire other companies to handle logistics or web design, ransomware developers increasingly outsourced tasks beyond their purview, focusing instead on improving the quality of their ransomware. The higher quality ransomware, which in many cases the Hunting Team could not break, resulted in more and higher payouts from victims. The monumental payments enabled gangs to reinvest in their enterprises. They hired more specialists, and their success accelerated.

"Criminals raced to join the booming ransomware economy. Underworld ancillary service providers sprouted or pivoted from other criminal work to meet developers' demand for customized support. Partnering with gangs like GandCrab, 'cryptor' providers ensured ransomware could not be detected by standard anti-malware scanners. Initial access brokerages specialized in stealing credentials and finding vulnerabilities in target networks, selling that access to ransomware operators and affiliates. Bitcoin tumblers offered discounts to gangs that used them as a preferred vendor for laundering ransom payments. Some contractors were open to working with any gang, while others entered exclusive partnerships."

REvil would evolve into a feared "big-game-hunting" machine capable of extracting hefty extortion payments from victims, largely going after organizations with more than $100 million in annual revenues and fat new cyber insurance policies that were known to pay out.

Over the July 4, 2021 weekend in the United States, REvil hacked into and extorted Kaseya, a company that handled IT operations for more than 1,500 businesses, nonprofits and government agencies. The FBI would later announce they'd infiltrated the ransomware group's servers prior to the Kaseya hack, but couldn't tip their hand at the time. REvil never recovered from that core compromise, or from the FBI's release of a free decryption key for REvil victims who couldn't or didn't pay.

Shchukin is from Krasnodar, Russia, and is thought to reside there, the BKA said.

"Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia," the BKA advised. "Travel behaviour cannot be ruled out."

There is little that connects Shchukin to UNKNOWN's various accounts on the Russian crime forums. But a review of the Russian crime forums indexed by the cyber intelligence firm Intel 471 shows there is plenty connecting Shchukin to a hacker identity called "Ger0in," who operated large botnets and sold "installs," allowing other cybercriminals to rapidly deploy malware of their choice to thousands of PCs in one go. However, Ger0in was only active between 2010 and 2011, well before UNKNOWN's appearance as the REvil front man.

A review of the mugshots released by the BKA at the image comparison site Pimeyes found a match on this birthday celebration from 2023, which features a young man named Daniel wearing the same fancy watch as in the BKA photos.

Images from Daniil Shchukin's birthday party celebration in Krasnodar in 2023.

Update, April 6, 12:06 pm ET: A reader forwarded this English-dubbed audio recording from a ccc.de 37C3 conference talk in Germany from 2023 that previously outed Shchukin as the REvil leader. Shchukin is mentioned at around 24:25.
This entry was posted on Sunday, 5th of April 2026, 10:07 PM.
Comments:

"and fat new cyber insurance policies that were known to pay out"

Free money wants to be free.

Free Willy needs a deeper sense of humor and a diaper change.

mealy: There is no free money. If the insurance companies lose money, they increase the price of the policies, so the insured companies increase the price of the services, and in the end the customers feel the burn in their pockets due to the "free money."

Go to school and get a life, morn.

So basically, as long as ur not their customer, it's free then.

Ah, bitter pedant makes obvious what was already obvious. Chef's kiss.

Thank you for your deeeeep contributions to society and this discussion.

You might want to watch this:
httpsmediacccdev37c312134hirnehackenhackbackeditiont1726

That was more than two years ago.

Just link to the video from 37c3 with dubbing: httpsmediacccdev37c312134hirnehackenhackbackeditionlengt0

Nobody is safe anymore, and hasn't been for a while. The only way to maybe save the population is the total banning of data collection and sale.