{"id":231640,"date":"2026-04-06T02:59:00","date_gmt":"2026-04-06T06:59:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/bka-identifies-revil-leaders-behind-130-german-ransomware-attacks\/"},"modified":"2026-04-06T05:05:10","modified_gmt":"2026-04-06T09:05:10","slug":"bka-identifies-revil-leaders-behind-130-german-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/bka-identifies-revil-leaders-behind-130-german-ransomware-attacks\/","title":{"rendered":"BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/bka-identifies-revil-leaders-behind-130.html\">BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/bka-identifies-revil-leaders-behind-130.html\">https:\/\/thehackernews.com\/2026\/04\/bka-identifies-revil-leaders-behind-130.html<\/a><\/p>\n<p>Publish Date: 2026-04-06 02:59:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">Apr 06, 2026<\/span><\/span><span class=\"p-tags\">Cybercrime \/ Financial Crime<\/span><\/p>\n<p>Germany&#8217;s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation.<\/p>\n<p>The threat actor, who went by the alias UNKN, functioned as a representative of the group, advertising the ransomware in June 2019 on the XSS cybercrime forum. He\u00a0has now been identified\u00a0as Daniil Maksimovich\u00a0Shchukin, a 31-year-old Russian national. 
He\u00a0also went by the online monikers Oneiilk2, Oneillk2, Oneillk22, and\u00a0GandCrab.<\/p>\n<p>The development\u00a0was reported by independent security journalist Brian\u00a0Krebs.<\/p>\n<p>&#8220;From early 2019 at the latest until at least July 2021, the wanted person, in cooperation with other individuals, acted as the leader of one of the largest global ransomware groups, known as GandCrab\/REvil,&#8221; BKA said. &#8220;The perpetrators demanded large ransom payments in exchange for decrypting and not leaking\u00a0data.&#8221;<\/p>\n<p>Also added to the wanted list\u00a0is Anatoly Sergeevitsch\u00a0Kravchuk, a 43-year-old Russian born in the Ukrainian city of Makiivka. He\u00a0is alleged to have acted as the developer of REvil during the same time\u00a0period.<\/p>\n<p>Shchukin and Kravchuk are suspected of having carried out 130 ransomware attacks across Germany. Out\u00a0of these, 25 cases led to the payment of \u20ac1.9\u00a0million ($2.19\u00a0million). The\u00a0incidents collectively incurred financial damages exceeding \u20ac35.4\u00a0million ($40.8\u00a0million).<\/p>\n<p>REvil (aka Water Mare and Gold Southfield) was one of\u00a0the prolific ransomware\u00a0groups that counted companies like JBS and Kaseya among its victims. An\u00a0evolution of\u00a0the GandCrab ransomware, the e-crime\u00a0crew mysteriously went\u00a0offline in mid-July 2021, only to resurface two months\u00a0later.<\/p>\n<p>By October 2021, the\u00a0group ceased operations, and its data leak site became inaccessible as part of\u00a0a law enforcement\u00a0operation. 
Weeks\u00a0later, Romanian law enforcement&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/04\/bka-identifies-revil-leaders-behind-130.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks https:\/\/thehackernews.com\/2026\/04\/bka-identifies-revil-leaders-behind-130.html Publish Date: 2026-04-06 02:59:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231641,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgsBHK8DX9E30isZVcn1e-a6p8bmNUAki0SmUh1Tkt9dP8L3D4_WcwT64CI5OVuh1brb1Z4pff7onp90K76ktHbs6-H6Kr0rq9Q2f03oW91e3mA5dN5XdLDyWNns5NcfXw7BKFzH28SbpaFo9l8TmMeZ7Mt6o1ePanKeFYGa8V1S9Rez_E30SIAx2yvfuNl\/s1600\/revil-ransomware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[34],"class_list":["post-231640","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231640"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231640"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231640\/revisions"}],"predecessor-version":[{"id":231642,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231640\/revisions\/231642"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/231641"}],"wp:att
achment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}