German federal police have named a once-anonymous hacker who ran two of history’s most notorious ransomware gangs. The Bundeskriminalamt (BKA) confirmed 31-year-old Russian Daniil Maksimovich Shchukin used the handle UNKN to lead both GandCrab and REvil from 2019 to 2021. The BKA’s advisory describes Shchukin as the operational leader who coordinated attacks that paralyzed businesses and government systems across Germany.

German authorities say Shchukin and a 43-year-old accomplice, Anatoly Sergeevitsch Kravchuk, carried out at least 24 cyberattacks that extorted nearly $2 million while causing an estimated $35 million in economic damage. Shchukin’s groups pioneered the double extortion technique—demanding payment for decryption keys and another fee to prevent stolen data from being leaked online.

The BKA’s announcement marks the first time authorities have publicly linked a real identity to the UNKN persona, which had long been a ghost in cybercrime forums. Shchukin’s arrest in Germany last year triggered the investigation that led to this disclosure.

The case highlights how law enforcement has gotten better at tracking ransomware operations, even when suspects hide behind aliases and operate across borders. It also shows the human cost of cybercrime isn’t just about lost files—it’s about real businesses shutting down, jobs lost, and services disrupted for weeks or months. The BKA said the attacks affected hospitals, schools, and municipal services, forcing some victims to pay ransoms just to restore critical systems. German prosecutors have charged both men, and their case is now moving through the courts.

The international manhunt for ransomware bosses has intensified since the U.S. and allies began treating these groups as national security threats. Earlier this year, the U.S. Department of Justice unsealed indictments against multiple REvil affiliates, but Shchukin’s case is notable because it ties a high-profile alias to a real person.

The BKA’s advisory warns other cybercriminals that digital anonymity is harder to maintain than ever. It also serves as a warning to ransomware gangs that their old tricks—like using cryptocurrency mixing services and bulletproof hosting—are no longer enough to evade capture. The case underscores a broader shift: ransomware isn’t just a tech problem anymore. It’s a crime problem with real-world consequences, and law enforcement is starting to treat it that way. For victims of GandCrab and REvil, the news brings a small measure of closure—at least they know the face behind the screens who targeted them.

What You Need to Know

  • Source: Krebs on Security
  • Published: April 06, 2026 at 02:07 UTC


All reporting rights belong to the respective author(s) at Krebs on Security. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.


Curated by GlobalBR News · April 06, 2026


🇧🇷 Summary in Portuguese

Germany has taken down one of the world's most wanted cybercriminals by identifying and publicly exposing 31-year-old Daniil Shchukin as the leader behind the infamous GandCrab and REvil ransomware gangs. The revelation, made by German authorities, sheds light on the direct connection between organized cybercrime and the Russian state, and reinforces international pressure on Moscow to combat groups that operate on its territory with impunity.

The case matters for Brazil because GandCrab and REvil were responsible for dozens of attacks on Brazilian companies and institutions in recent years, including data hijackings and extortion demands in the millions. The identification of Shchukin as "UNKN", the alias used by the criminal, exposes the fragility of digital borders and the need for global cooperation to track and punish cybercriminals, especially those operating in countries with permissive laws. For Brazil, which has already recorded losses in the billions from ransomware, the news reinforces the urgency of investing in cybersecurity and in international extradition agreements to prevent these groups from continuing to operate without consequences.

Now the international community awaits the next steps: will Russia be pressured to act, or will Shchukin go unpunished, as has already happened with other REvil leaders?