Germany Doxes REvil GandCrab Leader UNKN

The ghost of ransomware past has a face: 31-year-old Daniil Shchukin, aka UNKN. Germany's BKA just doxxed the kingpin behind GandCrab and REvil, gangs that pioneered double extortion and billions in hauls.

Germany Names REvil and GandCrab Boss: Meet Daniil Shchukin — theAIcatchup

Key Takeaways

  • Germany's BKA doxxed Daniil Shchukin as UNKN, leader of GandCrab and REvil ransomware groups.
  • These gangs pioneered double extortion and affiliate models, extorting billions globally.
  • Doxxing echoes historical manhunts, potentially fracturing Russian ransomware networks.

UNKN exposed.

Germany’s cops just ripped the mask off one of ransomware’s biggest shadows—31-year-old Russian Daniil Maksimovich Shchukin, the man behind the handles leading GandCrab and REvil. Picture this: a kid scavenging trash heaps, chain-smoking butts, walking miles to a ragged school. Fast-forward, and he’s orchestrating cyber heists that bleed corporations dry, pocketing millions while taunting the world. It’s like a cyberpunk novel crashing into reality, where the villain’s rags-to-riches arc fuels an empire of extortion.

Shchukin’s crew didn’t just lock files—they pioneered double extortion, hitting victims twice: once for decryption keys, again to bury stolen data. The German Federal Criminal Police (BKA) pinned him and partner Anatoly Kravchuk for 130+ attacks in Germany alone, extorting €2 million with €35 million in damages from 2019-2021. But that’s chump change compared to the global bloodbath.

Who Was UNKN, the Ransomware Pioneer?

GandCrab burst onto the scene in 2018, an affiliate program that turned hackers into fat-cat partners—sharing massive profit cuts for breaching big corps. They’d burrow in, snatch docs, ship code updates like clockwork to dodge antivirus nets. Five major versions, each sneakier, until May 2019: shutdown announcement after $2 billion extorted.

“We are a living proof that you can do evil and get off scot-free,” GandCrab’s farewell address famously quipped. “We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit.”

Boom. Arrogant exit. Then REvil rises from the ashes—same time, same vibes. UNKN drops $1 million in forum escrow to prove he’s serious. Experts whispered: GandCrab 2.0. And UNKN? He spilled his guts in an interview, rags-to-riches raw.

“As a child, I scrounged through the trash heaps and smoked cigarette butts,” UNKNOWN told Recorded Future. “I walked 10 km one way to the school. I wore the same clothes for six months. In my youth, in a communal apartment, I didn’t eat for two or even three days. Now I am a millionaire.”

Chilling. It’s the American Dream, Russian cyber edition—zero ethics, all edge.

REvil leveled up. They aped legit businesses: outsourcing logistics, web design, even ‘cryptors’ to evade scanners, access brokers for footholds, Bitcoin tumblers for clean cash. Big-game hunters now, targeting $100M+ revenue firms with juicy cyber insurance. Kaseya hack on July 4, 2021? REvil’s masterpiece, chaining through MSPs to thousands of victims.

Why Does Germany Dox Shchukin Now?

BKA’s advisory drops his name, face, ties to a US DOJ seizure of $317K in his crypto wallet from REvil proceeds. Filed Feb 2023, but Germany’s playing catch-up—or sending a message? Here’s my take, the insight no one’s shouting: this doxxing echoes the Wild West manhunts of the 1930s, when feds named Pretty Boy Floyd to turn public sentiment, make crooks human targets. Ransomware gangs thrived on anonymity; slap a face on UNKN, and suddenly affiliates scatter, rivals sniff weakness. Bold prediction: expect copycat busts in Eastern Europe, fracturing the RU ransomware cartel like Prohibition’s end cracked mob families.

Shchukin and Kravchuk? Russians, untouchable at home maybe, but Europe’s closing nets. BKA’s move isn’t just ID’ing—it’s psychological warfare, proving no shadow lasts forever.

Think about it. These gangs built ransomware into a boom economy—specialists popping up like startups in Silicon Valley. ‘Initial access brokers’ hawking network keys; tumblers discounting for volume. REvil reinvested payouts into unbreakable code, accelerating the doom loop. Victims paid more, gangs hired sharper talent, rinse, repeat.

How Did GandCrab and REvil Reshape Cybercrime?

GandCrab’s affiliate model? Genius, wicked. Hackers got 60-80% cuts, motivation sky-high. REvil refined it, hitting enterprises with deep pockets. Double extortion? Their baby—unlock plus silence. Economic damage? Billions. And the swagger—farewell taunts, millionaire flexes—it’s what makes this personal.

But consider this: in a world where AI’s remaking platforms (yeah, even here—imagine AI scouting vulns for gangs), doxxing humans like Shchukin buys time, not victory. Gangs evolve faster than law catches up. Still, Germany’s strike feels like a thunderclap—energy surging through the hunt.

Kaseya wasn’t isolated. REvil chained supply-side attacks, a tactic now standard. Imagine: one MSP breach, thousands down. Insurance firms paid fat ransoms, fueling the fire. Until FBI’s 2021 op shut REvil’s pipes—temporarily.

Will Doxxing Kill Ransomware Empires?

Short answer? Nah. But it wounds. Shchukin’s exposure—linked to US seizures—shows cross-border heat rising. Russia’s gangs laughed off sanctions before; now faces make extradition dreams real. Unique angle: like Bitcoin’s pseudonymous promise cracking under chain analysis, ransomware’s ‘untraceable’ myth shatters when BKA photographers show up.

Victims? Wake up. These aren’t faceless bots—hungry kids turned tycoons, building McMafia states. Defense means hardening supply chains, ditching insurance crutches, hunting proactively.

And the wonder? Cybercrime’s pace rivals AI’s leap—self-improving, adaptive, merciless. Shchukin’s story? A vivid warning: from garbage to gold, but the long arm of law’s reaching.

Frequently Asked Questions

What is REvil ransomware and who ran it? REvil was a major ransomware gang post-2019, led by UNKN (Daniil Shchukin), masters of double extortion targeting big firms. They hit Kaseya hard in 2021.

Did Germany arrest GandCrab’s leader? No arrest yet—BKA doxxed Shchukin as head of GandCrab/REvil, linking him to €2M extortions in Germany, but he’s Russian and at large.

How much money did REvil and GandCrab make? GandCrab claimed $2B before quitting; REvil raked millions more, with Shchukin’s wallet alone holding $317K seized by US.

Written by Elena Vasquez

Senior editor and generalist covering the biggest stories with a sharp, skeptical eye.



Originally reported by Krebs on Security
