{
	"id": "f9439e30-7b2d-4d65-b212-b8828869eed1",
	"created_at": "2026-04-06T00:17:54.668422Z",
	"updated_at": "2026-04-10T03:20:54.257598Z",
	"deleted_at": null,
	"sha1_hash": "3c85cbd11a511cfabc2e12c365188f0c0940a2bd",
	"title": "German investigators identify REvil ransomware gang core member",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 873524,
	"plain_text": "German investigators identify REvil ransomware gang core member\r\nBy Bill Toulas\r\nPublished: 2021-10-28 · Archived: 2026-04-05 16:10:39 UTC\r\nGerman investigators have reportedly identified a Russian man whom they believe to be one of REvil ransomware gang's\r\ncore members, one of the most notorious and successful ransomware groups in recent years.\r\nThe man is presenting himself as a cryptocurrency investor and trader, but German authorities (including\r\nBundeskriminalamt and Landeskriminalamt Baden-Württemberg) think otherwise after tracking some of the Bitcoin\r\npayments he made over the years.\r\nWhile the suspect's real identity has not been revealed, German media is calling him by the fictitious name 'Nikolay K.', and\r\nreport that investigators linked him to Bitcoin ransom payments associated with the GandCrab ransomware group.\r\nhttps://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nLaw enforcement tracked these payments following attacks against a software development firm and the State Theater in\r\nStuttgart.\r\nThe same sources claim that the investigators have found strong links between REvil and GandCrab, something that has\r\nbeen suggested numerous times by security researchers and analysts.\r\nNikolay K. didn’t hold back when it came to boasting on social media and showcasing his holidays on the Mediterranean,\r\nposting images from lavish yacht parties.\r\nBut he wasn’t careful enough when it came to hiding his true identity, falsely assuming that masking his links to ransomware\r\noperations with crypto-investment would be enough.\r\nTracked down using an email address\r\nAs the reports detail, the police were able to find Nikolay’s email address, which he used to register to over 60 websites, as\r\nwell as a phone number that he used for his Telegram account.\r\nThat account was supposedly used for legit crypto-trading, but the police were reportedly able to link multiple transactions\r\nworth over 400,000 Euros in crypto to ransom payment events.\r\nSince the crackdown on REvil’s infrastructure, from two weeks ago, the group's members have been extra cautious, but it\r\nappears that Nikolay was unaware of how close the investigators really were to arrest him.\r\nThis summer, Nikolay’s wife traveled for holidays alone, while the ransomware actors stayed in Russia, possibly to avoid\r\nany unexpected arrests while on foreign grounds.\r\nNeither the Federal Criminal Police Office of Baden-Württemberg nor the Stuttgart public prosecutor's office have offered a\r\ncomment on whether they have issued an extradition request to Russia yet, so we are still waiting for an official\r\nconfirmation on the above.\r\nConsidering the dimensions that the ransomware threat has taken at the highest political level, it would be a surprise to see\r\nthe Russians denying the prosecution of Nikolay.\r\nCorrection 10/28/21: Clarified that 'Nikolay K' is a fictitious name and that the real identity has not been revealed.\r\nhttps://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/\r\nhttps://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/german-investigators-identify-revil-ransomware-gang-core-member/"
	],
	"report_names": [
		"german-investigators-identify-revil-ransomware-gang-core-member"
	],
	"threat_actors": [],
	"ts_created_at": 1775434674,
	"ts_updated_at": 1775791254,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c85cbd11a511cfabc2e12c365188f0c0940a2bd.pdf",
		"text": "https://archive.orkl.eu/3c85cbd11a511cfabc2e12c365188f0c0940a2bd.txt",
		"img": "https://archive.orkl.eu/3c85cbd11a511cfabc2e12c365188f0c0940a2bd.jpg"
	}
}