Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.

Germany has finally unmasked the elusive hacker known as "UNKN," who led the early Russian ransomware groups GandCrab and REvil. The 31-year-old Russian, Daniil Maksimovich Shchukin, has been identified by German authorities as the mastermind behind these cybercrime operations. According to the German Federal Criminal Police (BKA), Shchukin and another Russian individual, 43-year-old Anatoly Sergeevitsch Kravchuk, were responsible for extorting nearly 2 million euros across two dozen cyberattacks that caused over 35 million euros in economic damage between 2019 and 2021.
Shchukin, who operated under the alias UNKN (short for UNKNOWN), was named in an advisory published by the BKA. The German authorities have accused him of heading GandCrab and REvil, among the largest ransomware groups in the world and pioneers in the practice of double extortion. This tactic involves charging victims twice: once for a decryption key to unlock their hacked systems and a separate payment in exchange for a promise not to publish stolen data.
The connection between Shchukin and these ransomware groups has been further solidified by a February 2023 filing from the U.S. Justice Department. The filing sought the seizure of various cryptocurrency accounts linked to the REvil ransomware gang's activities. Notably, the digital wallet tied to Shchukin was found to contain over $317,000 in illicit cryptocurrency.
The GandCrab ransomware affiliate program first emerged in January 2018 and offered significant financial incentives to hackers who could infiltrate user accounts at major corporations. The GandCrab team would then expand their access, often stealing vast amounts of sensitive and internal documents in the process. The malware's curators released five major revisions to the GandCrab code, each corresponding to advancements in the ransomware's capabilities.
Shchukin's involvement in these groups highlights the growing threat posed by ransomware attacks and the sophisticated methods employed by cybercriminals to extort large sums of money from their victims. The identification of UNKN by German authorities marks a significant step in the ongoing efforts to dismantle ransomware operations and bring their leaders to justice. As the cybercrime landscape continues to evolve, it remains crucial for law enforcement agencies and international organizations to collaborate and share intelligence to effectively combat these threats.









