German authorities have identified Daniil Maksimovich Shchukin, 31, as the elusive hacker known as UNKN who led the notorious GandCrab and REvil ransomware operations. The Bundeskriminalamt (BKA) revealed Shchukin's identity in an official advisory, linking him to over 130 cyberattacks against German victims between 2019 and 2021 that caused more than 35 million euros in economic damage.

Shchukin allegedly extorted nearly 2 million euros through double-extortion schemes that combined data encryption with threats to publish stolen information. His name surfaced in a 2023 U.S. Justice Department filing seeking seizure of cryptocurrency accounts tied to REvil, including a digital wallet containing more than $317,000 in ill-gotten funds. The BKA believes Shchukin remains in Russia, possibly in his hometown of Krasnodar, and may travel internationally.

Shchukin's identification marks a significant breakthrough in tracking one of cybercrime's most prolific figures. His birthday photos from 2023, showing him wearing the same luxury watch as in official mugshots, helped confirm his identity. The revelation connects years of ransomware activity to a single individual who pioneered tactics now standard across the criminal ecosystem, demonstrating how organized cybercrime has evolved into a sophisticated enterprise with specialized roles and services.