Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the principal threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation.
The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime forum. He has now been identified as Daniil Maksimovich Shchukin, a 31-year-old Russian national. He also went by the online monikers Oneiilk2, Oneillk2, Oneillk22, and GandCrab.
The development was reported by independent security journalist Brian Krebs.
"From early 2019 at the latest until at least July 2021, the wanted person, in cooperation with other individuals, acted as the leader of one of the largest international ransomware groups, known as GandCrab/REvil," BKA said. "The perpetrators demanded large ransom payments in exchange for decrypting and not leaking data."
Also added to the wanted list is Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian born in the Ukrainian city of Makiivka. He is alleged to have acted as the developer of REvil during the same time period.
Shchukin and Kravchuk are suspected of having carried out 130 ransomware attacks across Germany. Of these, 25 cases led to the payment of €1.9 million ($2.19 million). The incidents collectively caused financial damages exceeding €35.4 million ($40.8 million).
REvil (aka Water Mare and Gold Southfield) was one of the most prolific ransomware groups, counting companies like JBS and Kaseya among its victims. An evolution of the GandCrab ransomware, the e-crime crew mysteriously went offline in mid-July 2021, only to resurface two months later.
By October 2021, the group ceased operations, and its data leak site became inaccessible as part of a law enforcement operation. Weeks later, Romanian law enforcement authorities announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family.
In a rare move, Russia's Federal Security Service (FSB) disclosed in January 2022 that it had arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. Four of those members were sentenced to several years in prison in October 2024, Russian news publication Kommersant reported.
UNKN also disappeared from the cybercrime forums coinciding with the operation, prompting another user, REvil (later renamed to 0_neday), to become the public face of the gang's operations.
In an interview with Recorded Future's Dmitry Smilyanets in March 2021, UNKN said he had been in the ransomware business since 2007 and that they had as many as 60 affiliates working for the group at one point.
"As a child, I scrounged through the trash heaps and smoked cigarette butts. I walked 10 km one way to school," he was quoted as saying. "I wore the same clothes for six months. In my youth, in a communal apartment, I didn't eat for two or even three days. Now I'm a millionaire."