German Authorities Identify Leaders Behind GandCrab and REvil Ransomware Operations

 

Two individuals believed to be central figures in major ransomware campaigns have been named by German authorities. The BKA points to Russians Daniil Maksimovich Shchukin and Anatoly Sergeevitsh Kravchuk as driving forces behind GandCrab and REvil during a period spanning 2019 into 2021. While operating under digital cover, their alleged involvement links them directly to widespread cyberattacks across multiple regions. 

Investigations suggest coordination patterns typical of structured criminal networks rather than isolated actors. Despite shifting online tactics, traces led back through financial flows and communication trails. Charges stem from activities that disrupted businesses globally before takedowns began reducing impact. Evidence compiled over months contributed to international cooperation efforts targeting infrastructure used. Though both remain at large, legal proceedings continue under European warrant systems. 

Allegedly, the pair coordinated global ransomware campaigns, hitting businesses across continents - among them, 130 incidents focused on German firms. Though payouts from those in Germany reached approximately $2.2 million, officials suggest total economic harm went far beyond, surpassing $40 million overall. Early in 2018 came GandCrab, rapidly rising as a dominant ransomware-for-hire platform. 

Affiliates ran attacks - profits split with central creators. Midway through 2019, the crew declared an end, boasting huge earnings. Not long afterward, REvil appeared, thought to stem from the same minds once behind GandCrab. Among cybercrime networks, REvil pushed further than most - adding tricks like leaking hacked files online or selling them off in secret bidding rounds. 

Not long after, headlines followed: Acer found itself under siege, then came the ripple chaos from Kaseya's breach, spreading across around 1,500 businesses tied into its systems. After the Kaseya incident, global police forces stepped up pressure on REvil. Through coordinated moves, they weakened key systems tied to the gang while tracking activity behind the scenes - this surveillance helped secure detentions in Russia by early 2022. Still, no clear trace has surfaced for Shchukin or Kravchuk since then. 

Now thought to be living in Russia, the suspects have prompted German officials to ask citizens for help finding their whereabouts. Appearing on Europe’s most wanted list, they come with photos plus notable physical traits meant to aid recognition. Tracking down these suspects represents progress toward holding key figures accountable in large-scale ransomware operations. 

Still, obstacles remain in bringing hackers to justice when they operate beyond borders - especially in areas where legal handover agreements are weak or absent.