German Police Unmask REvil Ransomware Leader

The German Federal Criminal Police (BKA) has named a Russian national as the mastermind behind the GandCrab and REvil ransomware operations. According to a law enforcement notice, the man, Daniil Maksimovich Shchukin, 31, of Krasnodarskiy, Russia, led the two ransomware operations between early 2019 and mid-2021. Shchukin, the BKA says, was involved in 130 extortion attempts, including 25 in which the victims paid a total of over $2 million in ransoms. The activities are estimated to have caused over $40 million in damages. Shchukin and his co-conspirators, one of whom was identified as Russian national Anatoly Sergeevitsch Kravchuk, 43, targeted both enterprises and public institutions, the BKA says. Operating as a ransomware-as-a-service (RaaS), GandCrab emerged in early 2018 and closed shop in mid-2019, when its operators boasted about making over $150 million per year from the operation. REvil (aka Sodinokibi) emerged around the same time as GandCrab was retiring and was immediately labeled as its successor. In late 2021, law enforcement seized REvil’s servers, and seven individuals associated with the two ransomware operations were arrested. In January 2022, the Russian authorities announced the arrest of multiple individuals allegedly associated with REvil. In 2024, four members of the group were sentenced to prison. According to BKA’s notice, Shchukin is likely residing in Russia. Also known as Oneiilk2, Oneillk2, Oneillk22, UNKN, and GandCrab, he was outed in the past as the leader of REvil.  In 2023, he was mentioned in a DoJ complaint for the seizure of cryptocurrency illegally obtained as part of the REvil operation, as well as in a conference talk in Germany, investigative journalist Brian Krebs points out. Related: Russian Cybercriminal Gets 2-Year Prison Sentence in US Related: US Prisons Russian Access Broker for Aiding Ransomware Attacks Related: Russian Ransomware Operator Pleads Guilty in US Related: Chilean Carding Shop Operator Extradited to US WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack TrueConf Zero-Day Exploited in Asian Government Attacks Critical ShareFile Flaws Lead to Unauthenticated RCE React2Shell Exploited in Large-Scale Credential Harvesting Campaign North Korean Hackers Drain $285 Million From Drift in 10 Seconds Cisco Patches Critical and High-Severity Vulnerabilities 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital Mercor Hit by LiteLLM Supply Chain Attack Latest News GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack  Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems White House Seeks to Slash CISA Funding by $707 Million Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack Google DeepMind Researchers Map Web Attacks Against AI Agents Guardarian Users Targeted With Malicious Strapi NPM Packages North Korean Hackers Target High-Profile Node.js Maintainers Fortinet Rushes Emergency Fixes for Exploited Zero-Day Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Scott Goree has been appointed Senior Vice President of Channel and Alliances at Delinea. Kai has named Nick Degnan as Chief Revenue Officer. Joe Sullivan has been appointed Strategic Advisor at cloud security firm Upwind. More People On The Move Expert Insights The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Flipboard Reddit Whatsapp Email