BKA unmasks two REvil Ransomware operators behind 130+ German attacks
Summary: Germany's Federal Criminal Police (BKA) has identified two key members of the REvil ransomware group, linked to more than 130 attacks in Germany. Daniil Shchukin and Anatoly Kravchuk are suspected of carrying out repeated extortion operations between 2019 and 2021, causing losses of nearly 2 million euros and 35 million euros in economic damage.

2026-4-6 14:48:9 Author: securityaffairs.com


German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany.

Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online as UNKN, who promoted ransomware on cybercrime forums.

“Daniil Maksimovich Shchukin is wanted internationally on suspicion of numerous organized and commercial ransomware extortions targeting businesses, public institutions, and other organizations.” reads the BKA’s Announcement. “From at least the beginning of 2019 until at least July 2021, he and others acted as the leader of one of the world’s largest ransomware groups, known as GandCrab/REvil.”

Between early 2019 and July 2021, Shchukin promoted the ransomware on the popular XSS cybercrime forum.

“An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.” reported the popular cybersecurity investigator Brian Krebs. “Shchukin was named as UNKN (a.k.a. UNKNOWN) in an advisory published by the German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short). The BKA said Shchukin and another Russian — 43-year-old Anatoly Sergeevitsch Kravchuk — extorted nearly $2 million euros across two dozen cyberattacks that caused more than 35 million euros in total economic damage.”

Krebs remarked that Shchukin’s name appeared in a 2023 U.S. case tied to crypto funds from REvil, including a wallet with over $317,000.

On May 31, 2019, the GandCrab group shut down after earning over $2 billion from ransomware attacks and openly bragged about its success. Around the same time, REvil appeared, led by a figure known as UNKNOWN, who promoted the group on a Russian cybercrime forum and backed it with a $1 million escrow deposit.

Experts see REvil as a rebrand of GandCrab, continuing the same model. UNKNOWN described how he rose from poverty to wealth through cybercrime and reinvested profits to expand and improve the operation like a business.

REvil grew into a powerful ransomware group that targeted large organizations with high revenues and cyber insurance. In July 2021, it attacked Kaseya, impacting over 1,500 organizations. The FBI had already infiltrated REvil’s systems and later released a free decryption key, weakening the group.

In October 2021, the REvil ransomware gang shut down its operation once again after a threat actor hijacked its Tor leak site and payment portal. The news of the hack was shared by the REvil representative ‘0_neday’ on the XSS hacking forum. He initially confirmed that someone had compromised their server, but later denied it.

The news of the hack was first reported by Dmitry Smilyanets from Recorded Future.

0_neday added that someone had brought up the REvil hidden services using the gang's own private keys. He also said that the gang had found no signs of compromise on its servers, but had nonetheless decided to shut down the operation.

Authorities link Shchukin to the operation and believe he now lives in Russia. Investigators also connect him to earlier cybercrime activity under the alias “Ger0in,” tied to botnets and malware distribution.

German police also added Anatoly Sergeevitsch Kravchuk, a 43-year-old Russian, to the wanted list, accusing him of developing REvil during the same period.

“Anatoly Sergeevich Kravchuk is wanted internationally on suspicion of numerous organized and commercial ransomware extortions targeting businesses, public institutions, and other organizations.” states BKA. “From at least the beginning of 2019 until at least July 2021, he and others acted as the head of one of the world’s largest ransomware groups, known as GandCrab/REvil.”

In October 2024, four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country.

The four men are Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov. They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution.

“On Friday, October 25, the St. Petersburg Garrison Military Court announced the verdict against Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky and Ruslan Khansvyarov. The court found them guilty of illegal circulation of means of payment (Part 2 of Article 187 of the Criminal Code of the Russian Federation).” reported Russian news outlet Kommersant. “Puzyrevsky and Khansvyarov were also found guilty of using and distributing malicious programs (Part 2 of Article 273 of the Criminal Code of the Russian Federation), a Kommersant-SPb correspondent reports from the courtroom.”

Zayets and Malozemov received 4.5 and 5 years respectively, while Khansvyarov and Puzyrevsky were sentenced to 5.5 and 6 years in a general-regime penal colony.

The four men were identified as part of an investigation into the REvil ransomware group, prompted by a U.S. request linking the group’s leader to cyberattacks on foreign tech firms. The authorities initially identified 14 suspects who were detained, with eight brought to trial and four more – Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev – facing separate charges of illegal computer access. The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held in custody since early 2022.

In May 2024, the Ukrainian national Yaroslav Vasinskyi (24), aka Rabotnik, was sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.

Vasinskyi is a member of the REvil ransomware gang and was sentenced for his role in carrying out more than 2,500 ransomware attacks and demanding over $700 million in ransom payments.

In November 2021, the US Department of Justice charged Vasinskyi, a REvil ransomware affiliate, with orchestrating the ransomware attack on the Kaseya MSP platform that took place on July 4, 2021.

Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was arrested on October 8, 2021, while he was trying to enter Poland. Vasinskyi was extradited to the U.S. in March 2022.

Vasinskyi had been a REvil ransomware affiliate since at least March 1, 2019.


Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)
Source: https://securityaffairs.com/190401/cyber-crime/bka-unmasks-two-revil-ransomware-operators-behind-130-german-attacks.html