Germany's Federal Criminal Police Office (BKA) has successfully identified the real identities of two prominent figures behind the notorious REvil ransomware-as-a-service (RaaS) operation, which has been linked to over 130 ransomware attacks across the country. Notably, one of the individuals, known by the alias UNKN, was actively involved in promoting the ransomware on cybercrime forums as early as June 2019. This revelation marks a significant development in the ongoing fight against ransomware, particularly as REvil was considered one of the most prolific RaaS groups before its dismantlement in 2021.
For businesses, this announcement serves as a stark reminder of the persistent and evolving threat posed by ransomware groups. Organizations must adopt robust cybersecurity measures, including regular vulnerability assessments, employee training, and incident response plans, to mitigate the risk of falling victim to such attacks. Furthermore, the identification of key players behind these cybercriminal organizations may assist law enforcement agencies in disrupting their operations, but it also underscores the necessity for companies to remain vigilant in their defense strategies. As the landscape of cyber threats continues to evolve, the intersection of cybersecurity and AI will play a crucial role in developing advanced detection and prevention mechanisms against sophisticated ransomware attacks.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/bka-identifies-revil-leaders-behind-130.html)*