Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil, GandCrab

Cops name the ‘mystery boss’; the internet bickers over “doxxing” vs justice

TLDR: German police named Russian Daniil Shchukin as “UNKN,” alleged leader of the REvil and GandCrab ransomware crews. Commenters are split over whether this is a clean police ID or a misuse of the word “doxxing,” while others joke the gangs ran like a startup, turning a cybercrime reveal into a culture war moment.

Germany’s federal police say they’ve unmasked “UNKN,” the shadowy boss behind ransomware groups REvil and GandCrab, as 31‑year‑old Russian Daniil Shchukin, accused of dozens of extortion hits and millions in damage. But the internet’s not just gasping; it’s arguing. The hottest thread? Semantics with teeth: is this justice or “doxxing” by another name? One camp calls the headline sloppy, insisting doxxing means exposing private info unethically, not naming a suspect on a wanted list. The other camp fires back: he’s on an international bulletin; that’s law enforcement, not internet vigilantism.

Then there’s the startup vibe discourse. Commenters say the gangs operated like a lean tech company: specialization, outsourcing, reinvestment — basically “Silicon Valley, but evil.” The infamous REvil boast (“do evil and get off scot‑free”) and a rags‑to‑riches interview (“I scrounged trash… now I am a millionaire”) became instant meme fuel: “YC, but for ransomware.” Meanwhile, armchair sleuths point to a Spiegel video and claims that CCC hackers had already unmasked one member years ago, sparking “hackers vs cops: who found him first?” drama.

Between the ethical word‑war, the “criminals-as-startup” hot takes, and victory‑lap memes, this reveal isn’t just a bust — it’s a culture clash in the comments, with handcuffs on one side and branding decks on the other.

Key Points

  • Germany’s BKA identified “UNKN/UNKNOWN” as 31-year-old Russian Daniil Maksimovich Shchukin, alleging he led GandCrab and REvil.
  • BKA says Shchukin and Anatoly Sergeevitsch Kravchuk extorted nearly €2 million in about two dozen attacks causing over €35 million in damages in Germany.
  • BKA attributes to GandCrab and REvil the pioneering of double extortion: separate payments for decryption and for not publishing stolen data.
  • A Feb. 2023 U.S. DOJ filing linked Shchukin to a crypto wallet with more than $317,000 from REvil proceeds.
  • GandCrab launched in Jan. 2018, released five major versions, claimed over $2 billion before shutting down in May 2019; REvil emerged soon after, fronted by 'UNKNOWN'.

Hottest takes

"less like 'hacking' and more like an optimized business." — alexmocki
"Feels odd for an infosec blog to use 'doxxing' this way." — nailer
"Putting someone on a (most) wanted list is 'doxing'?" — KingOfCoders