All the current answers and most of the current comments only state the current situation or provide suggestions to take extreme steps.

Just to summarize: There are two possible situations: The coworkers are doing this intentionally, in this case they are malicious in one way or the other, and then extreme caution is necessary. Or the coworkers just don't see the potential and actual problems and dangers, they are causing, then they are "friendly" but should be tought to do better.

So, the following roadmap tries two things at the same time: 1) Try to minimize the potential damage, those coworkers can do, if they are malicious, and 2) try to keep them in the company (so they can develop to being cooperative coworkers in future) if they are friendly:

(btw: I know, you are not the boss, but with the information, others have provided, I guess you will have everything in your hands to convince your boss, to take this thread very serious, so this road map addresses what you boss could do, not what you would do. The only thing you can do is draw attention to your boss. btw2: If you boss still doesn't listen, search for a new job and quit as soon as you found a new one. Because that coworkers are ticking time bombs, regardless of whether they are friendly or malicious - that doesn't matter at all).

1.) Silently make backups of everything you can access. Do not shut down systems in the process, shutting down systems could potentially trigger some sorts of booby traps.

2.) Construct a reason, that the working stations need to shut down. If you need an idea, contact me privately.

3.) Extract the hard drives, make a full image, put them back in. Do this over a weekend or so

4.) If the systems have BIOS level intrusion detection stuff, and you can't circumvent those, construct another reason, why those intrusion detection systems fired.

Those coworkers are creating tools for internal stuff, right? So they don't need access to customer systems and the like?

5.) If they have access to systems, they don't need, change passwords, make sure, there is no sort of public key login, check ports for processes allowing non-standard login. Check cron/at jobs, check inetd, check everything running currently. For every single pid, you have to be able to answer, why that process runs at all.

6.) Get some new employee (really new, completely unknown. He must be a really good expert, because he must be able, to take over their job alone for some month if it should be necessary. You can't just take some random graduated student (not even one with highest grade), you need some of those guys, who never visited a university at all but still knows everything) and insert him into that team to support them. Especially since they are causing blockers on the other workers, it can be easily justified. His official job is to support them, his real job is to learn, how they operate.

Step 6 is especially important, because this way, you have a chance, to actually figure out, whether those coworkers are malicious at all.

If the new guy is being integrated well into the team, then you can assume them being friendly, that new guy should be able to implement necessary changes without any need to tell those guys, that there has been any suspicion against them at all.

If the new guy figures out, they are malicious, but they integrate him, then his job is to play along. Learn everything, find it cool what they are doing, and so on. Pay him twice the money, because he has to work twice, because once he comes home, he has to write down everything he learned and send it to some newly formed team who should take over the work as soon as enough knowledge has transferred.

If the malicious guys don't integrate him, then your only chance is to hope, you got enough data backed up (just for the case) and fire that team. Then you may need two or more additional of that super experts I was talking above, to get a new team into that code very fast.

I hope, this road map helps - at least as a source of inspiration on how to handle this. Maybe, in your company, you have some options, that I can not consider, maybe, there are some cultural differences, so you still have to think about this and maybe adjust the plan.