Alexander S. The Colonial Pipeline hacker, better known by his alias: Sheriff. From Revil, Grand Crab, Trickbot and Conti to Lockbit and now Avois Locker this idiot should be the last one anyone hires. Now I am unaware of rules here on site as I am new to it but he has been indeed doxed. This was confirmed via Breach Forums around 2-3 hours ago when Researcher Pavel Kravkenko AKA D4RK R4BB1T paid a user to screen share breach forums shout box and pm Alexander via shout box and say "sup alex" however he'd erupt into a fiery response trying to threaten the researcher with death after it became very apparent someone contacted his mother and shared proof of him claiming he'd wish ransomware would kill children in the west. What a gentleman (Sarcastic) she must be a nice lady. Wishing death upon kids what a horrible take. Seeing lockbit has a heart I do wonder if that dev who hacked the hospital was indeed Alex? Lockbit may be able to share some knowledge as it won't really do anything for western police since Alex is holed up in Moscow. Unlike the FBI, Researchers were quick to update his new home address from a "Last known to be in St Petersburg" to Living in Moscow.
Making matters worse he also admitted to working with the following:
Trickbot - When he was arrested in February of 2022 following Ukraine's invasion and trying to get the US to back off he was questioned about ReVIL and Trickbot
GrandCrab - Predecessor of Revil
Conti - Was where when he got doxed
New admissions to Lockbit & Avios Locker, Avios? Please ban this dude from working with you Twitter screenshot of admission (Lockbit, Please tell me he has no access as well).
Had some affiliations with Hive Ransomware, Notable by his old account on breach forums where he posted the login credentials.
New Account & Old FBI Document
He hates Pavel so much he came out of hiding?
The FBI Document from Bleeping Computer
Now, this Document is also backed up by OSINT from a 4th researcher.
Pavel, Pancak3, Unknown researcher (I forget his/her name) and Bleeping Computer confirmed the validity of the information the FBI released and Pavel and Pancak3 released a full dox of Sheriff including but not limited to: Device Information, IPv4 Addresses, Passwords, Full Legal Name, Parents and Relatives basic information, Emails, Logins, Cryptocurrency Addresses, Screenshots and other very specific/highly confidential records including Medical records and Habits which include autism and nail biting which no doubt with Autism he may have other diagnosed conditions as Nail biting to the extent which is described is quite strange without the use of drugs or other mental conditions I'd wager something to do with eating or anxiety which may be part of schizophrenia or Bi-Polar disorder but I am not a doctor and this is pure speculation.
And of course to top it all off, Pavel has seemed to gain the attention of federal agencies in at least 3 different nations and is constantly looking for Dutch, German, Polish and Romanian authorities. With the US, Switzerland and France being marked "filled".
Now due to my lack of knowledge of doxing being allowed or not you can find Sheriff's Dox floating around on Flamebin.com or by simply looking into Pavel's Twitter or through the use of Google.
To prove he was part of Colonial Pipeline attack he also used the same Gmail Address on breached under his old account hence why it's now "Deleted" and not "banned" as he did scam people.
Figured I'd share since if Pavel is scaring some top tier threat actors into showing their face and ask everyone to be cautious as he seems to have a silver tongue and an eye for errors.
Fun note: According to people around Sheriff he also enjoys feet pics and has a wild fetish for such pics, spending up to $9,000 USD for them from 1 person. Unlike Lockbit's tattoo idea, this man has spent more on 1 person's feet than lockbit has spent on tattoos which tattoos are permanent, feet pics aren't. Such a strange business model. Lockbit if I was you I'd not open the door to give Pavel any more ammunition which he has enough of already.
Hopefully this comes as a bit of comedic relief, Some news for ransomware developers and the ever lurking researchers. I'll keep everyone up to date with this so long as I remain on the site, since this is a public records case I don't think I'll be banned.