Germany IDs REvil/GandCrab kingpin 'UNKN' as 31-year-old Russian Daniil Shchukin
Original source: Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab (Krebs on Security)

Germany’s Federal Criminal Police (BKA) have publicly named Daniil Maksimovich Shchukin, a 31-year-old from Krasnodar, Russia, as the operator behind the handle ‘UNKN’/‘UNKNOWN’ who led the GandCrab and REvil ransomware affiliate programs. Investigators tie Shchukin and co-conspirator Anatoly Kravchuk to at least 130 attacks against German targets between 2019 and 2021, with roughly €2 million extorted and over €35 million in total economic damage. Shchukin had previously surfaced in a February 2023 U.S. DOJ forfeiture filing targeting REvil-linked crypto wallets, including one holding more than $317,000.
GandCrab pioneered the affiliate-driven double-extortion model — charging once for decryption and again to suppress leaked data — before its operators staged a public ‘retirement’ in May 2019 claiming over $2 billion in proceeds. REvil emerged almost immediately afterward, fronted by UNKNOWN, and was widely assessed as a rebrand of the same crew. The group industrialized ransomware operations, outsourcing to cryptor services, initial access brokers, and laundering specialists, and pivoted to big-game hunting against high-revenue targets with cyber insurance.
REvil’s run effectively ended after the July 2021 Kaseya supply-chain attack, which prompted the FBI to disclose it had compromised the gang’s infrastructure and to release a universal decryptor. Attribution to Shchukin had been telegraphed as early as a 2023 37C3 conference talk, and image-matching against BKA mugshots links him to public photos from 2023. He is believed to remain in Russia, putting extradition out of reach.
This is an AI-generated summary. Read the original for the full story.