German authorities identified Daniil Maksimovich Shchukin, 31, as "UNKN," the operator behind ransomware gangs GandCrab and REvil. Shchukin directed both groups during a three-year campaign spanning 2019 to 2021, executing at least 130 extortion and sabotage attacks against German targets. The disclosure marks a significant enforcement action against one of Russia's most prolific ransomware architects. GandCrab operated from 2018 to 2020 before its successor, REvil, emerged as a major threat actor targeting critical infrastructure and enterprise networks worldwide. REvil gained notoriety for high-profile breaches including JBS Foods and Kaseya supply chain attacks. The identification of Shchukin provides defenders concrete attribution data linking both gangs to a single operator, enabling threat intelligence teams to correlate attack patterns and infrastructure. Defenders should review logs from 2019 to 2021 for GandCrab and REvil indicators of compromise, prioritize recovery of backups from that period, and cross-reference known Shchukin-attributed infrastructure against current network traffic. This action reflects continued international law enforcement focus on Russian cybercriminals, though Shchukin's current location remains unclear.