German Authorities Identify Alleged Leaders of GandCrab and REvil Ransomware Operations
The German Federal Police (**BKA**) have identified two Russian nationals, Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk, as the alleged leaders of the **GandCrab** and **REvil** ransomware operations. These individuals are suspected of orchestrating numerous attacks between 2019 and 2021, causing significant financial damage.

The **BKA** has publicly named 31-year-old **Daniil Maksimovich Shchukin** and 43-year-old **Anatoly Sergeevitsch Kravchuk** as the individuals heading the **GandCrab** and **REvil** ransomware groups, respectively. According to the BKA, their involvement spanned from at least early 2019 to July 2021.
Shchukin, known online as UNKN/UNKNOWN, was a prominent figure on cybercrime forums, acting as a representative for the ransomware operation.
German authorities allege that Shchukin and Kravchuk were involved in at least 130 extortion cases targeting German companies. These attacks resulted in at least 25 victims paying approximately $2.2 million in ransom, with the total financial impact estimated to exceed $40 million.

**GandCrab's Rise and Fall**

**GandCrab** emerged in early 2018. Its leader claimed to have earned $2 billion from ransom payments before purportedly retiring in June 2019, allegedly cashing out with $150 million invested in legitimate businesses.

*GandCrab leader announces retirement (source: BleepingComputer)*

**REvil's Emergence and Notorious Attacks**

Shortly after GandCrab's apparent demise, **REvil** (also known as Sodinokibi) surfaced, adopting GandCrab's affiliate model. It quickly gained notoriety for its aggressive tactics, including public leak sites and data auctions to pressure victims into paying ransoms.
**REvil's** victims included Texas local governments, computer manufacturer **Acer**, and the **Kaseya** supply-chain attack, which affected around 1,500 downstream businesses.

**Law Enforcement Intervention and Aftermath**

Following the **Kaseya** incident, **REvil** experienced disruptions, with law enforcement reportedly breaching their servers and monitoring their activities. In January 2022, Russian authorities arrested several **REvil** members, who were later released in 2025 after serving time on carding charges.
The current whereabouts of Shchukin and Kravchuk are unknown, though the BKA believes they are in Russia. The agency is seeking public assistance in locating them and has added their profiles to the EU's Most Wanted portal.