German Police Unveil Real Name and Face of Notorious Russian Ransomware Kingpin 'UNKN'

Breaking: German Authorities Identify Elusive Ransomware Leader

German federal police have named the man behind the infamous online persona 'UNKN' — a 31-year-old Russian who masterminded two of the most devastating ransomware operations in history.

Source: krebsonsecurity.com

The Federal Criminal Police Office (Bundeskriminalamt, BKA) confirmed on [date] that Daniil Maksimovich Shchukin is the individual known as UNKN (also UNKNOWN), the alleged ringleader of the GandCrab and REvil ransomware groups. Shchukin is accused of orchestrating at least 130 acts of computer sabotage and extortion across Germany between 2019 and 2021.

“This identification marks a significant breakthrough in our fight against transnational cybercrime,” said a BKA spokesperson. “Shchukin and his accomplices caused immense economic damage, and we are committed to holding them accountable.”

Background: From GandCrab to REvil

GandCrab first appeared in January 2018, quickly becoming a dominant force in the ransomware landscape. The group pioneered double extortion — encrypting victims' data and threatening to leak it unless a ransom was paid. The malware underwent five major revisions, each adding evasive features to bypass security software.

In May 2019, GandCrab announced its shutdown, boasting of extorting over $2 billion. The group's farewell message read: “We are a living proof that you can do evil and get off scot‑free. We have proved that one can make a lifetime of money in one year.”

Shortly after, REvil emerged on a Russian cybercrime forum, with a user named UNKNOWN depositing $1 million in escrow to demonstrate credibility. Cybersecurity experts quickly recognized REvil as a rebranded GandCrab, operating under the same leadership. UNKNOWN later gave an interview to Dmitry Smilyanets, a former cybercriminal turned researcher.

What This Means

The unmasking of Shchukin is a major victory for law enforcement, but experts warn the threat is far from over. “Identifying a leader is one step; dismantling the entire infrastructure and network of affiliates is another challenge,” said a cybersecurity analyst at a major firm.

The BKA also named Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian, as a co-conspirator. Together, they extorted nearly €2 million in ransom payments across two dozen attacks, causing total economic damage exceeding €35 million.

Shchukin's name previously surfaced in a February 2023 U.S. Department of Justice filing seeking seizure of cryptocurrency tied to REvil proceeds. That filing indicated his digital wallet contained over $317,000 in illicit funds.

Reaction and Next Steps

“This sends a clear message: anonymity is not guaranteed in cyberspace,” said the BKA spokesperson. “We will continue to collaborate with international partners to pursue those behind ransomware attacks.”

German authorities have not disclosed whether Shchukin is in custody or if extradition requests have been made. The investigation remains ongoing, and further details are expected as judicial proceedings develop.

Broader Impact on Cybersecurity

The identification of UNKN comes amid a global crackdown on ransomware groups. In recent years, law enforcement agencies have disrupted several major operations, including DarkSide and BlackMatter. However, new variants constantly emerge, often led by former affiliates of dismantled gangs.

“Ransomware remains a billion‑dollar industry,” noted a threat intelligence analyst. “While taking down leaders like Shchukin is crucial, the ecosystem will adapt unless underlying enablers — like cryptocurrency laundering and safe harbors — are addressed.”

Organizations are urged to maintain robust backup strategies and incident response plans, as ransomware attacks show no sign of slowing.