Goodnight REvil and GandCrab? Police think they've identified two of the biggest cybercrime bosses around


  • German police seek two Russians tied to GandCrab and REvil
  • Suspects allegedly extorted €35M from 130 German victims
  • Public asked to help locate them in Russia

German police have reportedly identified two Russian nationals as likely operators of the GandCrab/REvil ransomware operations, and are now asking for the public’s help in determining their whereabouts.

In announcements published on the BKA.de website (machine translated), the police said it was now looking for Daniil Maksimovich Shchukin and Anatoly Sergeevich Kravchuk, two individuals suspected of “numerous gang and commercial extortion by means of ransomware to the detriment of commercial enterprises, public institutions, and other institutions”.

German law enforcement claims the duo served as heads of the “largest globally active ransomware groups called GandCrab/REvil” between early 2019 and July 2021, and during that time attacked 130 organizations in Germany alone. The damage they caused is well over €35 million ($40 million), while the organization raked in at least €1.9 million, it was said.


Who were GandCrab?

The police believe the two are located in Russia and are asking for the public’s help in determining where they are, possibly leading to their arrest. “Travel behavior cannot be ruled out,” the authorities said.

In the early days of ransomware, GandCrab was one of the largest and most active players. It emerged in January 2018 on underground forums, being offered under a Ransomware-as-a-Service (RaaS) model.

By mid-2018 it had become one of the most widespread ransomware families, using exploit kits, phishing, and malicious downloads. It was under active development and received constant updates throughout late 2018.

Its activity peaked in 2019, when it dominated global ransomware infections and earned affiliates massive profits.


In June 2019, the operators announced their retirement, saying they made roughly $2 billion, cashed out around $150 million and laundered it into legitimate financial flows. The shutdown inspired different successors, such as REvil/Sodinokibi, which continued the RaaS trend. In 2022, Russia arrested multiple REvil members and released them in 2025 after serving time.

Via BleepingComputer



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
