Small manufacturers in Bavaria. Logistics outfits scraping by in Hamburg. They’re the real losers here, coughing up ransoms or limping along with trashed data from 130 REvil hits.
BKA just dropped the names: Daniil Maksimovich Shchukin, 31, the chatty frontman alias UNKN, and Anatoly Sergeevitsch Kravchuk, 43, the code monkey who built the beast.
Who the Hell Were UNKN and His Code-Slinging Pal?
Shchukin — or Oneiilk2, GandCrab, whatever — hawked this poison on XSS forums back in June 2019. Guy’s been at it since 2007, he bragged once, rising from trash-heap kid to ransomware millionaire. Picture that: scrounging cig butts, starving in communal flops, now €35 million richer off German pain.
Kravchuk? The dev from Ukraine’s grit-town Makiivka. Together, they ran REvil — Sodinokibi to insiders — from early 2019 to mid-2021. Affiliates everywhere, 60 at peak, per UNKN’s own words.
BKA’s blunt: “From early 2019 at least until at least July 2021, the wanted person, in cooperation with other individuals, acted as the leader of one of the largest global ransomware groups, known as GandCrab/REvil.”
“The perpetrators demanded large ransom payments in exchange for decrypting and not leaking data.”
That’s your tax euros funding decrypt keys. Or not — 25 victims paid €1.9 million anyway.
Damn. Twenty years chasing Valley vaporware, and ransomware feels like the one scam that actually delivers. No pivot to AI, no unicorn dreams — just cold, hard crypto.
Why Now? And Does Germany Get Its Money Back?
REvil ghosted in July 2021, popped back, then poof — October takedown. FSB nabbed some in Russia, four jailed this October. Romanians grabbed affiliates. UNKN vanished from forums right on cue.
But here’s my unique beef, one you won’t read in Krebs’ dispatch: this reeks of GandCrab 2.0. Remember that crew? Shut down in 2019, wallets seized, only for the same faces to reboot as REvil. Shchukin was GandCrab too. It’s not a gang; it’s a franchise model. Kill the bosses, affiliates sniff opportunity, spin up LockBit or BlackCat. Who’s making money? Not victims. Not cops. The next wave of coders in Moscow basements.
Germany’s out €35.4 million total damages. Will these IDs lead to extradition? Laughable — Russia’s handing out slaps on the wrist while affiliates roam free.
So, what about real people? That machine-shop owner who paid up last Tuesday? Hit by some new group, bet on it. This news? A tiny win for morale. But the beat goes on.
Is REvil Really Dead – Or Just Rebranded?
JBS. Kaseya. Big names grabbed headlines, sure. But 130 quiet hits on German soil? That’s the unglamorous grind.
REvil evolved from GandCrab, morphed aliases like Water Mare. Offline, online, offline for good? FSB says neutralized. Forums say otherwise — 0_neday took the mic.
UNKN spilled in a Recorded Future chat: rags-to-riches sob story masking a pro. “As a child, I scrounged through the trash heaps and smoked cigarette butts. […] Now I am a millionaire.”
Cynical? Yeah. Poverty doesn’t justify torching economies.
Prediction: By 2026, we’ll see REvil DNA in 40% of attacks. Affiliates don’t quit; they adapt. BKA’s listicle won’t change that.
Look, I’ve seen PR spins on self-driving cars that never shipped. Ransomware? No spin — pure profit.
Victim firms got stiffed hardest. Twenty-five paid. Rest? Praying backups worked.
What This Means for Your Next Board Meeting
Cops naming names feels good. But boards, wake up: REvil’s dead, long live the copycats. Russia’s FSB jails a few, but Donetsk devs keep coding.
Unique angle? Post-GandCrab, infections spiked 300% before REvil formalized. History rhymes — expect the same. Invest in air-gaps, not alerts.
Germany’s push? Smart, pressures Moscow indirectly. But for SMBs, it’s patch Tuesday or bust.
Frequently Asked Questions
Who are the REvil leaders identified by BKA? Daniil Maksimovich Shchukin (UNKN) and Anatoly Sergeevitsch Kravchuk, Russians behind 130 German attacks.
What damage did REvil cause in Germany? Over €35.4 million in total damages, with €1.9 million paid in 25 ransoms.
Is REvil ransomware still active? Officially shut down in 2021, but affiliates and copycats keep the model alive.