Particle.news

Germany Names Alleged GandCrab/REvil Figures, Launches Global Manhunt

The public manhunt shows investigators using crypto-tracing plus cross-border help to pursue suspects believed to be in Russia.

Overview

  • German prosecutors and Baden‑Württemberg police on Monday named Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchu, obtained arrest warrants, and opened a worldwide search.
  • Investigators tie the pair to the GandCrab and successor REvil ransomware crews behind attacks on 130 German companies and public bodies, including medical device makers and the Württemberg State Theater in Stuttgart.
  • In 25 German cases victims paid about €1.8 million in ransom, while the attacks caused roughly €35 million in damage in Germany and several hundred million euros worldwide.
  • Authorities say they identified the suspects through analysis of cryptocurrency transactions and other datasets with help from partners in Europe and North America, and they believe the men are in Russia.
  • REvil’s business model let affiliates carry out break‑ins using shared tools and then split payments, and the group later added threats to dump stolen data. Affiliates are being prosecuted, with cases including a seven‑year sentence in Stuttgart in January after a 2024 arrest in Bratislava.