
German Authorities Seek Public's Help in Tracking GandCrab and REvil Ransomware Leaders

By whois-secure, April 8, 2026

In a significant development in the fight against cybercrime, the German Federal Criminal Police (BKA) has issued a public appeal for assistance in locating two Russian nationals, Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk. These individuals are alleged to be key figures behind the notorious GandCrab and REvil ransomware groups, which have been responsible for extensive cyber extortion activities worldwide.

Background on GandCrab and REvil Operations

Between 2019 and 2021, GandCrab and its successor, REvil (also known as Sodinokibi), operated one of the most lucrative ransomware-as-a-service (RaaS) models. These groups enabled affiliates to deploy ransomware attacks, demanding ransoms for data decryption and non-publication. The BKA's investigations have revealed that in 25 known cases within Germany, victims paid a total of €35.4 million in ransoms. Globally, these operations are believed to have netted over $2 billion, with claims of weekly profits reaching $2.5 million. Shchukin, known by the alias 'UNKN', reportedly boasted annual earnings exceeding $150 million, which he claimed were laundered into legitimate businesses.

High-Profile Attacks and Law Enforcement Response

REvil gained infamy for several high-profile attacks, including the 2021 supply chain incident involving IT management software firm Kaseya, which affected approximately 1,500 organizations. In response, law enforcement agencies, including the FBI, infiltrated REvil's infrastructure, recovering decryption keys and seizing $317,000 in cryptocurrency linked to the group's activities.

Current Status and Public Appeal

According to the BKA, Shchukin is believed to be abroad, likely in Russia. The authorities have not ruled out that he may travel and are seeking any information about his current whereabouts. The public is encouraged to come forward with relevant information to aid in the apprehension of these individuals.

Implications for Cybersecurity

This appeal underscores the ongoing challenges in combating cybercrime, particularly when perpetrators operate across international borders. The case highlights the importance of global cooperation and public involvement in addressing the threats posed by sophisticated ransomware groups.

For more detailed information, refer to the original report by ITPro: German authorities want your help finding the hackers behind GandCrab and REvil.

Tags: ransomware cybercrime GandCrab REvil German Federal Criminal Police