The German Federal Criminal Police (BKA) has identified 31-year-old Russian Daniil Maksimovich Shchukin as the elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil. Authorities say Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across Germany between 2019 and 2021.
Background and Context
GandCrab, one of the largest worldwide operating ransomware groups, emerged in early 2018. The group pioneered the practice of double extortion – charging victims once for a key needed to unlock hacked systems, and demanding a separate payment in exchange for a promise not to publish stolen data. Shchukin's name appeared in a February 2023 filing from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities.
The GandCrab team would then try to expand that access, often siphoning vast amounts of sensitive and internal documents in the process. The malware's curators shipped five major revisions to the GandCrab code, each bringing sneaky new features and bug fixes aimed at thwarting the efforts of computer security firms to stymie the spread of the malware.
On May 31, 2019, the GandCrab team announced the group was shutting down after extorting more than $2 billion from victims. "We are a living proof that you can do evil and get off scot-free," GandCrab's farewell address famously quipped. "We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit."
Why it Matters to the Industry
The rise and fall of GandCrab and REvil highlights the evolving threat landscape for adult-industry platforms and operators. Ransomware attacks can cause significant economic damage, disrupt business operations, and compromise sensitive data. The practice of double extortion, pioneered by these groups, poses a particular challenge to companies that rely on online transactions and data storage.
The fact that Shchukin's name appeared in a U.S. Justice Department filing seeking the seizure of cryptocurrency accounts associated with REvil's activities underscores the global nature of ransomware attacks. It also highlights the importance of international cooperation in combating cybercrime.
What Comes Next
The BKA believes Shchukin resides in Krasnodar, Russia, where he is from. "Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia," the BKA advised. "Travel behavior cannot be ruled out."
Industry Implications
The identification of Shchukin as the leader of GandCrab and REvil raises questions about the future of ransomware attacks on adult-industry platforms and operators. Will these groups evolve and adapt to new security measures, or will they be replaced by new actors?
Key Facts
- Daniil Maksimovich Shchukin, a.k.a. UNKN, identified as the leader of GandCrab and REvil ransomware groups.
- Shchukin helped carry out at least 130 acts of computer sabotage and extortion against victims across Germany between 2019 and 2021.
- The GandCrab team extorted more than $2 billion from victims before shutting down in May 2019.
- REvil emerged after GandCrab's demise, fronted by a user named UNKNOWN who announced on a Russian cybercrime forum that he'd deposited $1 million in the forum's escrow to show he meant business.
- The BKA believes Shchukin resides in Krasnodar, Russia, where he is from.
- Shchukin's name appeared in a February 2023 filing from the U.S. Justice Department seeking the seizure of various cryptocurrency accounts associated with proceeds from the REvil ransomware gang's activities.