Colonial Pipeline: Hacker Unknown now known, named on Europol’s most-wanted list

German Police Unmask Notorious Ransomware Operators Behind GandCrab/REvil Group

German authorities have identified and charged two key figures behind one of the world’s most prolific ransomware operations, linked to the GandCrab/REvil group. Danii Shchukin (alias UNKN or Unknown) and his associate Kravchuk are accused of orchestrating 130 organized extortion attacks across Germany, with 25 victims paying a total of €1.9 million ($2.2 million) in ransom. The group is estimated to have caused €35.4 million in economic damage.

Shchukin, a well-known figure in cybercriminal circles, has been active since 2019 and was previously associated with the DarkSide ransomware group, infamous for the 2021 Colonial Pipeline attack. According to Mandiant’s Charles Carmakal, Shchukin strictly avoided collaboration with English-speaking hackers and prohibited attacks on Russia or its allies.

Both suspects are believed to be in Russia, though German police warn they may operate elsewhere. Shchukin has been added to Europol’s most-wanted list, marking a significant step in dismantling a major ransomware syndicate. The case underscores the global reach of cybercrime and the challenges of prosecuting operators sheltered in non-cooperative jurisdictions.

Source: https://www.csoonline.com/article/4157283/hacker-unknown-now-known-named-on-europols-most-wanted-list.html

Colonial Pipeline Company cybersecurity rating report: https://www.rankiteo.com/company/colonial-pipeline-company

"id": "COL1775838805",
"linkid": "colonial-pipeline-company",
"type": "Ransomware",
"date": "5/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '25 victims paid ransom',
                        'location': 'Germany'}],
 'description': 'German authorities have identified and charged two key '
                'figures behind one of the world’s most prolific ransomware '
                'operations, linked to the GandCrab/REvil group. Danii Shchukin '
                '(alias UNKN or Unknown) and his associate Kravchuk are '
                'accused of orchestrating 130 organized extortion attacks '
                'across Germany, with 25 victims paying a total of €1.9 '
                'million ($2.2 million) in ransom. The group is estimated to '
                'have caused €35.4 million in economic damage.',
 'impact': {'financial_loss': '€35.4 million in economic damage'},
 'investigation_status': 'Ongoing (suspects believed to be in Russia)',
 'motivation': 'Financial gain',
 'ransomware': {'ransom_paid': '€1.9 million ($2.2 million)',
                'ransomware_strain': 'GandCrab/REvil'},
 'references': [{'source': 'Mandiant’s Charles Carmakal'},
                {'source': 'Europol’s most-wanted list'}],
 'regulatory_compliance': {'legal_actions': 'Charges filed against two key '
                                            'figures'},
 'response': {'law_enforcement_notified': 'German police'},
 'threat_actor': 'GandCrab/REvil Group',
 'title': 'German Police Unmask Notorious Ransomware Operators Behind '
          'GandCrab/REvil Group',
 'type': 'Ransomware'}