German Police Identify Alleged REvil & GandCrab Ransomware Kingpin, Exposing Global Threat Actor Network
What Happened — German federal police (BKA) publicly named 31‑year‑old Daniil Maksimovich Shchukin as the alleged mastermind behind the REvil (Sodinokibi) and GandCrab ransomware operations, and identified an associate, Anatoly Kravchuk, as a developer. The disclosure links the duo to more than 130 ransomware incidents in Germany and billions of euros in global ransom revenue.
Why It Matters for TPRM —
- Indicates that a single individual allegedly orchestrated a multi‑billion‑dollar ransomware franchise, highlighting how much risk is concentrated in threat‑actor leadership.
- Provides actionable intelligence for monitoring C2 infrastructure, cryptocurrency wallets, and malware signatures tied to the identified actors.
- Reinforces the need for robust ransomware defenses and double‑extortion mitigation across all third‑party relationships.
Who Is Affected — Financial services, healthcare, manufacturing, SaaS providers, and any organization that has been a historical target of REvil or GandCrab ransomware campaigns.
Recommended Actions —
- Review vendor contracts for ransomware response clauses and verify incident‑response capabilities.
- Update threat‑intel feeds to include indicators of compromise (IOCs) associated with Shchukin and Kravchuk, drawing on the payloads, affiliate infrastructure, and wallet addresses documented in prior REvil and GandCrab investigations, since the announcement itself publishes no new indicators.
- Conduct tabletop exercises simulating double‑extortion scenarios.
Technical Notes — The identification does not disclose a new technical vulnerability; it focuses on the operational leadership of two prolific ransomware groups. Relevant data includes known ransomware payloads, affiliate infrastructure, and cryptocurrency wallet addresses seized in prior investigations.
Source: DataBreachToday