Germany's BKA Identifies Two REvil Ransomware Operators Behind 130 Attacks

6 Apr 2026

BreakingNewsCyberCrimeSecurityBKACybercrimeGandCrabransomwareHackinghackingnewsinformationsecuritynewsITInformationSecuritymalwarePierluigiPaganiniREvilransomwareSecurityAffairsSecurityNews

Germany’s Federal Criminal Police (BKA) identified two key operators of the REvil ransomware group, linking them to over 130 attacks targeting entities in Germany. The suspects include Daniil Maksimovich Shchukin (31), a Russian national, though further details about the second individual were not disclosed. The investigation focuses on the group’s involvement in ransomware incidents but does not specify exact dates or technical methods used in the attacks. REvil, also known as Sodinokibi, has been associated with high-profile ransomware campaigns, including the GandCrab ransomware family. No CVE IDs or specific malware variants were mentioned in connection with these attacks. The BKA’s action marks a significant step in attributing cybercriminal activity to specific individuals.