The Cyber Criminals Police Are Hunting — And Why So Many Still Run Free

Author: Giedrius Majauskas, Administrator

Every day, cybercriminals drain bank accounts, lock hospital systems, and steal millions in cryptocurrency. Police are fighting back — but the battle is far from over.

Law enforcement agencies worldwide are scoring real wins against organized cybercrime. Yet for every arrest, dozens of perpetrators remain untouched, often shielded by geography, encryption, and legal loopholes. Here’s where things stand.

Crypto Thieves Caught Red-Handed

In a recent case reported by Ukraine’s National Police, investigators dismantled an organized group that used malware to steal cryptocurrency worth millions of hryvnias from ordinary citizens. The scheme was sophisticated and deliberate.

The criminals infiltrated crypto-focused Telegram communities, posed as helpful trading advisors, and then sent victims links to fake trading platforms loaded with so-called “crypto-drainer” malware. Once a victim connected their digital wallet, the software silently transferred their funds — no second confirmation needed. In just one documented case, the group seized over 95,000 USDT, equivalent to nearly 4 million hryvnias.

Police conducted 20 simultaneous searches, seized computers and phones, and charged four suspects — including a co-organizer — with fraud and money laundering. Each charge carries up to 12 years in prison. It’s a clear example of what modern cybercrime looks like: organized, calculated, and built on social engineering as much as technical skill.

Germany Names a Ransomware Kingpin — Who Remains in Russia

Across Europe, German authorities made headlines by publicly identifying the alleged mastermind behind two of the internet’s most destructive ransomware networks. Germany’s Federal Criminal Police Office (BKA) named Daniil Maksimovich Shchukin, a 31-year-old from Krasnodar, Russia, as the hacker known as UNKN — the suspected operator of both GandCrab and REvil.
The numbers behind these operations are staggering. GandCrab, which ran from early 2018 to May 2019, reportedly generated over $2 billion in ransom payments before its operators publicly retired. REvil then emerged using much of the same infrastructure, carrying out 130 documented attacks on German businesses alone, collecting nearly €2 million in ransom while causing over €35 million in total losses.

REvil’s most devastating strike came in July 2021, when the group exploited a vulnerability in Kaseya, a US-based IT management firm. The attack hit around 1,500 organizations over the July 4 holiday weekend, locking systems at small businesses, nonprofits, and local governments across multiple countries.

German authorities also named a second suspect, Anatoly Kravchuk, 43, believed to be living in Russia. Neither man is expected to face extradition. Russia does not surrender its citizens to foreign jurisdictions, meaning both individuals can effectively continue their lives undisturbed — as long as they stay home.

The Extradition Wall: Why So Many Go Free

The Shchukin case highlights the central frustration in global cybercrime enforcement: identifying criminals is only half the battle. Bringing them to justice is often impossible.

Many of the world’s most prolific cybercriminals operate from countries that either lack extradition treaties with the West or actively protect their nationals from foreign prosecution. Russia is the most prominent example, but it is far from alone. Suspects can be named, charged, and internationally wanted — and still attend a barbecue in their hometown that afternoon.

According to the FBI’s Internet Crime Complaint Center, cybercrime losses in the US alone exceeded $12.5 billion in 2023. Globally, the figure runs into the hundreds of billions. Only a fraction of those responsible ever see a courtroom.

Investigators Are Adapting — But the Gap Remains Wide

Despite these structural barriers, law enforcement is evolving.
Agencies now prioritize disruption over conviction — taking down servers, seizing cryptocurrency wallets, and publicly exposing suspects even when arrest is impossible. The BKA’s decision to publish Shchukin’s identity strips him of anonymity and severely limits his international travel, making every border crossing a potential arrest.

Cooperation between national agencies has also improved. The takedown of infrastructure linked to REvil involved the FBI, Europol, and multiple national police forces working in parallel. International task forces have grown more coordinated, and cryptocurrency tracing tools have made it harder for criminals to launder digital assets without leaving a trail.

Still, the gap between the scale of cybercrime and the resources dedicated to stopping it remains enormous. For every organized group dismantled in Ukraine or suspect named in Germany, hundreds of operations run undetected.

The Bottom Line

Cybercrime is not an abstract threat. It empties wallets, cripples hospitals, and costs economies billions every year. Police are working harder and smarter than ever — but they are fighting a global problem with tools that still struggle to cross borders.

Staying informed is the first step. Check the security settings on your digital wallets, treat unsolicited trading advice from strangers online with deep suspicion, and report anything that looks like fraud. The more pressure that comes from every direction — legal, technical, and public — the harder it becomes for these networks to operate in the shadows.