Germany Names Suspected Leader of REvil and GandCrab Ransomware Gangs
2026-04-07 07:19:20 Author: thecyberexpress.com

German authorities have named a key figure behind some of the most notorious ransomware operations in recent years, linking a real identity to the REvil ransomware gang and its predecessor, the GandCrab ransomware network.

According to Germany’s Federal Criminal Police (BKA), a 31-year-old Russian national, Daniil Maksimovich Shchukin, has been identified as the individual operating under the alias “UNKN” or “UNKNOWN.” Investigators say he led both ransomware gangs and was directly involved in at least 130 cyberattacks targeting victims in Germany between 2019 and 2021.

The identification marks a significant development in the long-running investigation into the REvil ransomware gang, which at its peak was one of the most aggressive and financially successful cybercrime operations globally.

Inside the REvil Ransomware Gang’s Operations

Authorities allege that Shchukin, along with another suspect, Anatoly Sergeevitsch Kravchuk, carried out coordinated attacks that extorted nearly €2 million, while causing more than €35 million in economic damage.

The REvil ransomware gang and GandCrab ransomware group were among the first to popularize “double extortion”, a tactic that changed the ransomware landscape. Victims were not only asked to pay for decryption keys but also pressured to pay again to prevent stolen data from being published.

This model has since become standard across ransomware gangs, making attacks more damaging and recovery more difficult for victims.


From GandCrab to REvil: Evolution of a Cybercrime Enterprise

The GandCrab ransomware operation first appeared in 2018 and quickly gained traction through an affiliate model. Hackers were offered a share of profits in exchange for breaching corporate systems, while the core operators maintained and improved the malware.

Over time, GandCrab released multiple versions of its ransomware, each designed to evade detection and improve effectiveness. By May 2019, the group claimed to have earned over $2 billion before announcing its shutdown.

Soon after, the REvil ransomware gang emerged. Many cybersecurity experts viewed it as a direct continuation or rebranding of GandCrab. Operating under the same alias “UNKNOWN,” the group expanded its reach and began targeting larger organizations with deeper pockets.

REvil became known for “big-game hunting”—focusing on enterprises with significant revenues and cyber insurance coverage, increasing the likelihood of large payouts.

Industrialization of Ransomware Gangs

What makes the REvil ransomware gang particularly significant is how it operated more like a business than a traditional cybercriminal group.

Ransomware developers outsourced tasks such as gaining initial access, encrypting systems, and laundering payments. Specialized actors—like access brokers and crypto laundering services—formed an entire underground ecosystem supporting these attacks.

This structure allowed ransomware gangs to scale operations quickly, reinvest profits, and continuously improve their tools. As a result, attacks became more targeted, more sophisticated, and more difficult to stop.

High-Profile Attacks and Law Enforcement Response

One of the most notable incidents linked to the REvil ransomware gang was the 2021 attack on Kaseya, which impacted over 1,500 businesses worldwide. The scale of the breach demonstrated how ransomware could disrupt entire supply chains.

However, the same attack also marked the beginning of REvil’s decline. The FBI later revealed it had gained access to the group’s infrastructure before the incident but could not act immediately without compromising its investigation.

Subsequent actions, including the release of a free decryption key, weakened the group’s operations significantly.

Following the Money and Identity Trail

Shchukin’s name had previously surfaced in a 2023 U.S. Department of Justice filing related to cryptocurrency seizures tied to REvil activities. Authorities linked him to digital wallets holding over $317,000 in illicit funds.

Despite the identification, German authorities believe Shchukin remains in Russia, beyond immediate reach. “Based on the investigations so far, it is assumed that the wanted person is abroad, presumably in Russia,” the BKA noted.

What This Means for the Ransomware Landscape

The exposure of a suspected leader behind the REvil ransomware gang is a rare win for law enforcement in a space where attribution is often difficult.

But the broader issue remains. The structure pioneered by GandCrab ransomware and refined by REvil continues to influence modern ransomware gangs. The tools, tactics, and business models are still widely used.

Even as individual operators are identified, the ecosystem they helped build continues to operate.

The takeaway is clear: ransomware is no longer just a technical threat—it is an organized, evolving industry.


Source: https://thecyberexpress.com/revil-ransomware-gang-leader-identified/