German authorities want your help finding the hackers behind GandCrab and REvil
Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware-as-a-service schemes
German police have identified two Russian hackers and are calling for help tracking them down.
The German Federal Criminal Police (BKA) said that 31-year-old Daniil Maksimovich Shchukin, who went by the handle 'UNKN', was behind the Russian ransomware groups GandCrab and REvil.
He is suspected of having carried out 130 incidents of gang-related extortion against German organizations, along with 43-year-old Anatoly Sergeevitsch Kravchuk, a Ukraine-born Russian citizen.
Kravchuk is accused of building and maintaining the dark web site the group used to organize and manage its extortion operations, as well as of developing the malware itself.
Across 25 of the cases, the BKA said a total of €35.4 million was paid out in ransom payments.
"Based on investigations conducted so far, the wanted person is believed to be currently abroad, presumably in Russia. It is impossible to rule out potential travel," the BKA said.
"The police are interested in receiving a response to the following question: can you provide any information on the wanted person's current whereabouts?"
REvil mastermind
From the beginning of 2019 until at least July 2021, Shchukin acted as the head of one of the largest ransomware groups globally, known as GandCrab or, later, REvil.
"For the decryption and non-publication of data, the perpetrators demanded high ransoms," said the BKA. "In addition, in some cases, extensive data were also spied on and threatened with the publication of this, unless a ransom was paid."
GandCrab operated a ransomware-as-a-service (RaaS) model, with affiliates distributing the malware primarily through spam emails. It's believed to have netted a total of more than $2 billion from ransomware attacks before evolving into REvil, also known as Sodinokibi, in 2019.
“We are a living proof that you can do evil and get off scot-free,” GandCrab said as it bowed out. “We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit.”
The group claimed to have been making $2.5 million per week.
"We personally earned more than 150 million dollars per year," Shchukin claimed. "We successfully cashed in this money and legalized it in various spheres of white business both in real life and on the internet."
In its next incarnation as REvil, the group targeted large organizations, including IT management software firm Kaseya in a 2021 supply chain attack that saw as many as 1,500 downstream organizations compromised via Kaseya's VSA remote management product.
Law enforcement agencies including the FBI were eventually able to infiltrate the group’s infrastructure and get hold of its decryption keys, which were then distributed to victims.
The US Justice Department also seized cryptocurrency worth more than $317,000 linked to wallets allegedly controlled by Shchukin.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
