A mysterious hacker known online as “UNKN,” who operated the pioneering Russian ransomware outfits GandCrab and REvil, has finally been identified by both name and appearance. German authorities have identified 31-year-old Russian national Daniil Maksimovich Shchukin as the leader of two cybercrime groups. He is accused of orchestrating at least 130 incidents of computer sabotage and extortion targeting victims in Germany between 2013 and 2021.

Shchukin was also known online by the alias UNKN, according to an advisory issued by Germany’s Federal Criminal Police Office (Bundeskriminalamt, or BKA). The BKA reported that Shchukin, together with another Russian national, 43-year-old Anatoly Sergeevitsch Kravchuk, extorted almost €2 million through some two dozen cyberattacks that inflicted more than €22,023 million in overall economic damage.

Daniil Maksimovich SHCHUKIN, also known as UNKN, and Anatoly Sergeevich Karvchuk, purported leaders of the GandCrab and REvil ransomware gangs.

Germany’s BKA described Shchukin as the head of one of the world’s largest ransomware operations, which pioneered double-extortion tactics: demanding one ransom to provide a decryption key and a second payment to prevent the release of stolen data.

Shchukin’s name surfaced in a February 2023 court filing (PDF) by the U.S. Department of Justice requesting the forfeiture of multiple cryptocurrency wallets linked to funds obtained from the REvil ransomware operation. The government stated that the digital wallet linked to Shchukin held over $26,212 in illicit cryptocurrency.

The GandCrab ransomware affiliate program first emerged in January 2018 and rewarded savvy hackers with large cuts of the profits simply for breaching user accounts at major corporations. The GandCrab group would then attempt to broaden that access, frequently exfiltrating large volumes of confidential and internal documents along the way.
Krebs on Security