The Man Behind REvil and GandCrab Finally Has a Name. He's Still Free.

John Z Black Apr 7, 2026 Ransomware & Cybercrime #revil #gandcrab #unkn #shchukin #bka #ransomware #law-enforcement

For seven years, the guy who built the blueprint for modern ransomware was just a forum handle. UNKN. The mastermind behind GandCrab and REvil, two operations that caused billions in damage.

Now Germany’s BKA has put a real name to the handle: Daniil Shchukin, age 31. His co-conspirator Anatoly Kravchuk, 43, is also named. Together they’re linked to at least 130 acts of computer sabotage and extortion in Germany alone.

GandCrab invented the ransomware franchise model in 2018. Recruit hackers, give them a cut, run the infrastructure as a service. Before GandCrab, ransomware was mostly solo work. After it, every major group copied the playbook. When GandCrab “shut down” in 2019, REvil appeared immediately with the same code and the same guy running it. The BKA just formally confirmed what researchers suspected all along.

REvil went on to hit Kaseya (affecting up to 1,500 businesses) and JBS Foods (eleven million dollar ransom). Shchukin, as UNKN, even gave an interview bragging about going from scrounging through trash heaps to being a millionaire.

The investigative work is real. Seven years from hypothesis to government confirmation. But Shchukin is believed to be in Russia. Russia doesn’t extradite. His name is public. His photo is on a wanted poster. He is still free.

Get the full story on how Germany finally named the man behind REvil