At the end of last week, German news agencies reported that they had identified a member of the hacker group REvil: a certain Nikolai K., who lives somewhere in southern Russia.
Journalists say that it is not known who first developed the code for REvil, but now there is a group of people who sell this code to anyone who is willing to pay and is interested in extortion. Until recently, REvil worked according to the classic RaaS model (now the group has ceased to operate ) and received deductions in cryptocurrency from their “partners” who hacked companies and extorted ransoms. According to media reports, Nikolai K. is one of the recipients of such payments.
Reporters for Die Zeit and Bayerische Rundfunk have been tracking digital footprints on social media, anonymous Telegram and cryptocurrency for several months. As a result, the journalists were able to establish that bitcoins were transferred at least six times from accounts associated with criminal organizations to an address that belongs to Nikolai K.
“If you google the name he uses on social media, you will find the email address used to register various sites. These sites are connected to several Russian mobile phone numbers. One of these mobile numbers leads to the Telegram account on which the bitcoin address was published. More than 400,000 euros in bitcoins were transferred to this account. Experts from a blockchain analysis company that helps investigators say the money is likely a product of extortion, ”the article reads.
The investigation revealed that Nikolai K. lives with his wife in an unnamed city in southern Russia, in a private house with a swimming pool, and a BMW with more than 600 horsepower is parked in his driveway. The only legitimate business he owns is a small bar in a newly built residential area of the city. This is unlikely to be enough to maintain the lifestyle that the couple demonstrates on social networks.
For example, Die Zeit reports that Nikolai K. owns a € 70,000 Vanguard Encrypto watch with a bitcoin address engraved on the dial and rents yachts for € 1,300 a day when he goes on vacation.
However, recently he prefers to spend his vacation not in Antalya, Dubai or the Maldives, as it was before, judging by the posts on social networks, but in Crimea. The fact is that according to media reports, investigators are closely monitoring his social networks in the hope of finding out when Nikolai K. will go to a country that has a cooperation agreement with Germany, and where he may be arrested. It is reported that a warrant for his arrest has already been prepared. But Nikolai K., apparently, is aware of what is happening and therefore does not leave the country.
Catch up on more stories here
Follow us on Facebook here