Russian hackers who caused millions in damages have been exposed in Germany

German investigators have identified two suspected hackers from Russia who were behind large-scale cyberattacks. They are suspected of causing hundreds of millions of euros in damages. Both have been placed on an international wanted list, according to Spiegel.

 

German authorities stated that they have identified two alleged members of the well-known hacker groups GandCrab and REvil. The individuals in question are Daniil Shchukin and Anatoly Kravchuk. According to the investigation, they may have been key figures in digital extortion schemes both in Germany and abroad.

The investigation is being conducted by the Karlsruhe Public Prosecutor’s Office and the Criminal Police of Baden-Württemberg. Authorities there note that the suspects acted as an organizer and a programmer. “They were behind a systematic cyber-extortion scheme,” the investigators’ statement reads. The GandCrab and REvil groups were considered among the most successful in the ransomware sector from 2018 to 2021. Hackers breached company systems, encrypted data, and demanded money for its restoration. If victims refused to pay, the information could be made public.

In Germany alone, at least 130 attacks on companies and institutions are known. Among the victims are medical equipment manufacturers and the Württemberg State Theater in Stuttgart. Total damages are estimated at approximately 35 million euros, although actual losses may be significantly higher. In 25 cases, the victims paid the ransom—a total of about 1.8 million euros. But the main losses are linked not only to the payments but also to operational disruptions, data loss, and system recovery.

The REvil group was also behind one of the most high-profile attacks—the breach of the American IT company Kaseya in 2021. At that time, companies in at least 17 countries were affected.

As investigators explain, the group operated under a so-called partnership model. The organizers created the malware and infrastructure, while the “partners” carried out the attacks directly. They split the proceeds among themselves.

In the summer of 2021, REvil suddenly disappeared. The reasons for this are still unclear, but the total losses from the group’s activities are estimated at hundreds of millions of euros. The investigation has been ongoing for several years, and law enforcement has managed to bring some of the participants to justice. In 2024, one of them was sentenced in the U.S. to 13 years and 7 months in prison.

Also, in late January of this year, a court in Stuttgart sentenced a 46-year-old Ukrainian man to 7 years in prison for participating in extortion schemes and cyberattacks. He was arrested in Bratislava and later extradited to Germany.

Investigators say they were able to track down the suspects by analyzing large data sets, particularly cryptocurrency transactions, as well as through cooperation with law enforcement agencies in Europe and North America. “We tracked their activities step by step,” law enforcement officials note.

Despite progress in the case, both suspects remain at large. They are being sought internationally.
