Germany Seeks Two Russians Linked to GandCrab and REvil Ransomware Groups

International Manhunt for Cybercriminals

According to Главком: German law enforcement has issued an international arrest warrant for two Russian citizens, Daniil Maksimovich Shchukin and Anatolii Serhiiovych Kravchuk. They are suspected of involvement in cybercrimes and have been added to Europol's list of most-wanted individuals. The two are believed to have been key members of the GandCrab and REvil ransomware syndicates, which were active from 2018 to 2021. These groups are notorious for their global ransomware campaigns, which encrypt victims' data and demand payment for its release.

According to German authorities, cyberattacks attributed to these groups caused an estimated €35 million in damages to Germany. In 25 specific cases, ransoms totaling approximately €1.8 million were paid. One of the most infamous attacks was the REvil ransomware strike on the US software company Kaseya in 2021, which disrupted businesses in at least 17 countries.

Sensitive Defense Sector Materials Accessed

In a separate but related development, Ukrainian hackers reportedly gained access to materials from a late October 2025 meeting of a working group within Russia's Ministry of Industry and Trade, specifically its defense-industrial complex department. The disclosed documents revealed that the total budgetary debt of enterprises in the sector exceeded 3.3 billion rubles, while wage arrears to factory workers amounted to over 200 million rubles.

German prosecutors from the General Prosecutor's Office in Karlsruhe and the State Criminal Police Office of Baden-Württemberg stated that the two Russian suspects operated within the criminal organizations, with one acting as a leader and the other as a programmer.

This case underscores the severe threat posed by cybercrime and its substantial economic impact, particularly in Germany where such attacks have led to significant financial losses. The involvement of international law enforcement in investigating these crimes highlights the global nature of cyber threats, which require coordinated efforts to prevent and prosecute the perpetrators.

The incident involving Ukrainian hackers accessing sensitive Russian defense sector materials also points to an intensification of cyber operations amid ongoing geopolitical tensions in the region, illustrating how digital conflict has become a persistent feature of modern state rivalries.

The ongoing threat of cybercrime is further highlighted by recent revelations regarding Russian hackers targeting officials and journalists through encrypted messaging platforms. This alarming trend underscores the complex landscape of cyber threats, as seen in the case of the two Russians linked to major ransomware groups. For a deeper understanding of these coordinated attacks, read more about the targeting of government officials and journalists.