German Police Crack Down on REvil Ransomware Mastermind


The Unmasking of a Mastermind: German Police Identify Key Figure Behind GandCrab and REvil Ransomware Operations

A major breakthrough in the fight against ransomware has been achieved with the identification of a Russian national as the mastermind behind the notorious GandCrab and REvil (also known as Sodinokibi) ransomware operations.

Key Figure Identified

  • Daniil Maksimovich Shchukin, 31, of Krasnodarskiy, Russia, has been linked to over 130 extortion attempts, resulting in more than $2 million in ransoms being paid by victims.
  • These illicit activities are estimated to have caused over $40 million in damages.

Ransomware Operations Spanning Multiple Years

Shchukin’s involvement with these ransomware operations spanned from early 2019 to mid-2021.

During this period, he and his co-conspirators, including Russian national Anatoly Sergeevitsch Kravchuk, 43, targeted various entities, including enterprises and public institutions.

GandCrab, operated as a ransomware-as-a-service (RaaS), emerged in early 2018 and shut down in mid-2019; its operators boasted of generating over $150 million annually from its operations.

REvil, emerging concurrently with GandCrab’s retirement, quickly gained notoriety as its successor.

Law Enforcement Efforts Lead to Arrests and Sentences

  • Law enforcement efforts led to the seizure of REvil’s servers in late 2021, followed by the arrest of seven individuals associated with the ransomware operations.
  • Subsequent investigations resulted in the arrest of multiple individuals allegedly tied to REvil in January 2022.
  • By 2024, four members of the group had been sentenced to prison.

According to the German Federal Criminal Police (BKA), Shchukin is believed to reside in Russia under aliases such as Oneiilk2, Oneillk2, Oneillk22, UNKN, and GandCrab.

His role in the ransomware operations was previously acknowledged, and he was mentioned in a U.S. Department of Justice complaint related to the seizure of cryptocurrency obtained through the REvil operation.

This significant development serves as a testament to international cooperation in combating cybercrime and highlights the importance of continued vigilance in protecting against evolving ransomware threats.
