Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab – Krebs on Security

https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/

Publish Date: 2026-04-06 03:46:45

Source Domain: krebsonsecurity.com

Summary:
German authorities have identified “UNKN” as Daniil Maksimovich Shchukin, the mastermind behind two formidable ransomware groups, GandCrab and REvil, known for orchestrating numerous extortion attacks globally. Shchukin, born in 1992, led operations that generated a staggering $2 million in extortion fees while causing over 35 million euros in damage. With Shchukin at the helm of ransomware development, the operation introduced the “double extortion” model, which pairs a ransom for unlocking victims’ data with a threat to leak their stolen information if demands are not met. Notably, Shchukin’s identity as UNKN was revealed through a U.S. Justice Department filing detailing the seizure of cryptocurrency linked to REvil’s earnings. The unmasking marks a significant victory in cybercriminal tracking and serves as a warning about the sophistication and global impact of cybercrimes orchestrated by individuals like Shchukin.

Key Points:

  • Daniil Maksimovich Shchukin, masquerading as UNKN, was the mastermind behind major ransomware groups GandCrab and REvil.
  • Shchukin orchestrated over 130 cyberattacks between 2019 and 2021, extorting nearly $2 million and causing more than 35 million euros in damages.
  • GandCrab introduced the “double extortion” technique, which demanded ransoms twice: once for unlocking systems and again to prevent data release.
  • Authorities connected Shchukin to “Ger0in,” a figure active earlier in Russian cybercriminal forums, suggesting a long history and evolution in cybercrime tactics.
  • Shchukin’s identification was confirmed through a combination of image matching, investigative ties to cryptocurrency transactions, and international collaboration.