German federal authorities (BKA) publicly attributed ‘UNKN’ (Daniil Maksimovich Shchukin) as the alleged operational leader of the REvil and GandCrab ransomware-as-a-service ecosystems, issuing an arrest warrant; Shchukin remains at large in Russia and no operational disruption to successor ransomware operations should be assumed. This item carries no new CVEs, no new IOCs, and no patch requirement — it is a threat-intelligence and attribution update that should be treated as a prompt to audit RaaS-relevant control gaps including MFA coverage on VPN and RDP, MSP access segmentation, and offline backup integrity. Historical REvil IOCs from CISA Advisory AA21-131A and FBI FLASH CU-000149-MW remain the primary technical reference; organizations should verify current CISA documentation for the latest indicator set.