TechRadar
Sead Fadilpašić

Goodnight REvil and GandCrab? Police think they've identified two of the biggest cybercrime bosses around


  • German police seek two Russians tied to GandCrab and REvil
  • Suspects allegedly extorted €35M from 130 German victims
  • Public asked to help locate them in Russia

German police have reportedly identified two Russian nationals as likely operators of the GandCrab/REvil ransomware operations, and are now asking for the public’s help in determining their whereabouts.

In announcements published on the BKA.de website (machine translated), the police said they were now looking for Daniil Maksimovich Shchukin and Anatoly Sergeevich Kravchuk, two individuals suspected of “numerous gang and commercial extortion by means of ransomware to the detriment of commercial enterprises, public institutions, and other institutions”.

German law enforcement claims the duo served as heads of the “largest globally active ransomware groups called GandCrab/REvil” between early 2019 and July 2021, and during that time attacked 130 organizations in Germany alone. The damage they caused is well over €35 million ($40 million), while the organization raked in at least €1.9 million, it was said.

Who were GandCrab?

The police believe the two are located in Russia and are asking for the public’s help in determining where they are, possibly leading to their arrest. “Travel behavior cannot be ruled out,” the authorities said.

In the early days of ransomware, GandCrab was one of the largest and most active players. It emerged in January 2018 on underground forums, being offered under a Ransomware-as-a-Service (RaaS) model.

By mid-2018 it had become one of the most widespread ransomware families, spreading through exploit kits, phishing, and malicious downloads. It was under active development and received constant updates throughout late 2018.

Its activity peaked in 2019, when it dominated global ransomware infections and earned affiliates massive profits.

In June 2019, the operators announced their retirement, saying they had made roughly $2 billion, cashed out around $150 million, and laundered it into legitimate financial flows. The shutdown inspired successors such as REvil/Sodinokibi, which continued the RaaS trend. In 2022, Russia arrested multiple REvil members and released them in 2025 after serving time.

Via BleepingComputer


