German authorities identified Daniil Maksimovich Shchukin, 31, as "UNKN," the operator behind ransomware groups GandCrab and REvil. Shchukin directed at least 130 extortion and computer sabotage attacks targeting German victims between 2019 and 2021. The identification represents a rare breakthrough against a threat actor who maintained operational security across multiple high-profile ransomware campaigns. GandCrab operated from 2018 to 2021 before the group announced a retirement. REvil, which emerged in 2019, became one of the most destructive ransomware operations globally before law enforcement disruptions in 2021 and 2022. The attribution connects both campaigns to a single individual, clarifying the organizational structure behind two distinct but related criminal enterprises. Defenders should review attack logs from 2019 through 2021 for GandCrab and REvil infrastructure indicators to identify past compromises. Organizations hit during this period should assume attackers possessed access to sensitive data and implement breach notification protocols if not already completed. This disclosure underscores the persistence required by law enforcement to dismantle international ransomware operations and demonstrates that operational anonymity eventually erodes against coordinated investigative efforts.