German Authorities Identify REvil Ransomware Leader Daniil Shchukin
Severity: High (Score: 70.5)
Sources: Gbhackers, Technadu, Feeds.Feedburner, Scworld, Securityaffairs.Co
Summary
German federal authorities have identified Daniil Maksimovich Shchukin, a 31-year-old Russian national, as the leader of the REvil ransomware gang, also known by the alias UNKN. Shchukin is linked to at least 130 acts of cyber extortion targeting critical infrastructure in Germany from 2019 to 2021, resulting in nearly €2 million in extorted funds and approximately €35 million in economic damage. He is also associated with the GandCrab ransomware operation, which pioneered double extortion tactics. Together with his associate Anatoly Sergeevitsch Kravchuk, Shchukin ran operations that demanded payment both for decryption keys and to prevent the public release of stolen data. U.S. Justice Department filings have connected him to cryptocurrency wallets containing over $317,000 in illicit proceeds. Although Shchukin is believed to be residing in Krasnodar, Russia, the identification of Shchukin and his infrastructure may limit his operational capabilities.
Key Points
- Daniil Shchukin identified as leader of REvil and GandCrab ransomware gangs.
- Shchukin linked to 130 cyber extortion attacks in Germany, causing €35 million in damages.
- U.S. authorities have connected Shchukin to over $317,000 in illicit cryptocurrency.
Key Entities
- Ransomware (attack_type)
- Kaseya (company)
- Germany (country)
- Russia (country)
- United States (country)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1486 - Data Encrypted for Impact (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- Conti (ransomware_group)
- GandCrab (ransomware_group)
- Lockbit (ransomware_group)
- REvil (ransomware_group)