Germany's Federal Criminal Police Office has successfully identified two prominent figures behind the REvil ransomware operation, which targeted at least 130 victims across the country. The breakthrough represents a significant victory in international law enforcement's ongoing battle against sophisticated cybercriminal networks.
German Police Identify REvil Leadership Figures
REvil, also known as Sodinokibi, operated as a ransomware-as-a-service platform, enabling multiple threat actors to launch coordinated attacks against businesses and organizations worldwide. The operation, which has since been dismantled, was responsible for some of the most damaging cyberattacks in recent years, affecting critical infrastructure and major corporations globally.
REvil Ransomware-as-a-Service Operation Details
One of the identified individuals used the online alias UNKN and served as a key representative for the REvil group. This threat actor played an active role in promoting the ransomware operation, with documented activity dating back to at least June 2019, when they advertised the malware on the XSS cybercrime forum. Such forums served as marketplaces where cybercriminals could recruit affiliates and coordinate large-scale attacks.
International Investigation Dismantles Criminal Network
The identification of these individuals marks a turning point in dismantling the REvil infrastructure. By connecting digital personas to real-world identities, law enforcement agencies can pursue formal charges and work toward extradition when applicable. The investigation demonstrates the collaborative nature of modern efforts against cybercrime, with agencies across multiple countries sharing intelligence and forensic evidence.
Cross-Border Cybercrime Threat Remains Active
The targeting of German entities reflects REvil's indiscriminate approach to victim selection. The group operated across borders, demonstrating the transnational nature of ransomware threats. Each victim faced demands for substantial ransom payments, with the operators threatening to publicly leak stolen data if demands went unmet.
This development underscores the importance of international cooperation in combating organized cybercrime. As ransomware operations continue to evolve and pose threats to critical systems, the successful identification of key operators provides hope that even sophisticated criminal networks remain vulnerable to persistent investigative work.