Fog clung to the windows of a Berlin police station last Tuesday as Bundespolizei investigators pinned up grainy photos—tattooed arms, stern faces—of the men who’d bled German firms dry.
German authorities have identified the REvil and GandCrab ransomware bosses: two Russians, Daniil Maksimovich Shchukin, 31, and Anatoly Sergeevitsch Kravchuk, 43. These guys ran the show from early 2019 through at least mid-2021, per the BKA’s bombshell disclosure. Shchukin? He lurked online as UNKN/UNKNOWN, trash-talking on cybercrime forums like a ghost in the machine.
Here’s the tally. At least 130 extortion hits on German companies. Victims coughed up $2.2 million to Shchukin and crew from just 25 payouts. Total wreckage? Over $40 million. Brutal math.
From GandCrab’s Gold Rush to REvil’s Reign
GandCrab kicked off in 2018. Its original boss bailed in June 2019, bragging about $2 billion in ransoms—though they only pocketed $150 million for ‘legal’ ventures. Smells like a pivot to money laundering, doesn’t it?
Enter REvil, aka Sodinokibi. Built on GandCrab’s playbook: affiliate models, cybercrime partnerships, the works. Old GandCrab hands jumped ship, scaled up. They added leak sites, data auctions—pressure tactics that crushed souls.
According to BKA’s disclosure, 31-year-old Daniil Maksimovich Shchukin and 43-year-old Anatoly Sergeevitsch Kravchuk acted as the heads of the two ransomware groups “from at least the beginning of 2019 until at least July 2021.”
Big scores: Texas towns, Acer, that infamous Kaseya supply-chain mess hitting 1,500 victims. Chaos.
But. Post-Kaseya, REvil ghosted for two months. Cops infiltrated servers, watched the scramble. Disruptions piled up. Russia nabbed over a dozen affiliates in 2022—released by 2025 on lighter carding raps. Small fry.
Why Did Germany Nail the IDs Now?
BKA’s got the goods: forum posts, money trails, victim chatter. Shchukin’s UNKN alias? Tied tight. Kravchuk? Same orbit. They’re in Russia now, BKA figures—public’s urged to snitch via EU Most Wanted listings. Tattoo pics? Gold for tips.
Look, this isn’t some fluke. Ransomware ops fragment fast—REvil’s 2021 flameout scattered talent. Unclear if these two resurfaced elsewhere. My bet? They’re lurking in fresh crews, rebranded. Remember Conti? Leaders dodged extradition, morphed into Black Basta. History rhymes hard here—that’s my unique callout: Shchukin and Kravchuk echo those ghosts, profiting off Russia’s non-extradition shield while the West chases shadows.
Germany’s move pressures affiliates. Partners think twice if bosses get named. Market dynamic shifts: risk premiums spike for Russian ops. But without arrests? It’s theater.
And the PR spin from cops—heroic unveilings—feels thin when perps sip tea in Moscow. Sharp skepticism warranted.
How Bad Was the Damage, Really?
$40 million in Germany alone. Scale global: GandCrab’s $2B claim (even if puffed). REvil? Hundreds of millions, easy. Kaseya rippled—businesses shuttered, data dumped.
Victims paid because backups failed, insurance hiked premiums. Economy-wide, ransomware’s a $20B black market now, per Chainalysis. These two? Architects of that chunk.
Longer view: affiliates learned. REvil’s leak sites normalized shaming—now standard. Predictions? Without Russia flipping, ops evolve, not end. Bold call—expect Shchukin aliases in 2026 leaks.
Will Identifying REvil Bosses Stop Ransomware?
No. Not yet.
Russia protects its own—geopolitical firewall. US bounties on REvil hit $10M; crickets. EU lists? Awareness bumps, arrests? Rare.
But dynamics tilt. Forums chill—UNKN’s exposed. Affiliates bail. Still, supply chain vulns persist; breach and attack simulation (BAS) tools prove attack paths exist, per industry chatter. (That whitepaper plug at the end? Spot on—validation gaps everywhere.)
Here’s the thing. Law enforcement wins intel wars now—server breaches, forum dives. Momentum builds. Yet without cuffs, it’s cat-and-mouse.
Critique time. BKA’s transparency rocks—photos aid crowdsourcing. But hype the bust too hard, and victims tune out. Ground it in facts: progress, sure; victory, nah.
What Happens Next for These Fugitives?
BKA wants leads. EU portal live. Tattoos scream ‘track me’—Yakuza-style ink on Russian hacks? Telling.
Prediction: low extradition odds. They’ll low-profile, maybe consult for LockBit 3.0. Or flip to defense—ironic twist.
Market read: ransomware stocks (dark web sense) dip on IDs. Smart operators diversify—RaaS to direct hits.
Wander a sec: imagine Shchukin’s forum rants now, paranoid. Humanizes the hunt.
Frequently Asked Questions
Who are the REvil and GandCrab ransomware bosses identified by Germany?
Daniil Maksimovich Shchukin (31, aka UNKN) and Anatoly Sergeevitsch Kravchuk (43), Russians blamed for leading both groups from 2019 to 2021.

What damage did REvil and GandCrab cause in Germany?
Over $40 million total, with $2.2 million paid in ransoms from 25 of 130+ attacks on companies.

Are the REvil leaders caught or still at large?
Still free, believed to be in Russia; the BKA seeks public tips via EU Most Wanted.