Federal prosecutors also filed a complaint seeking the forfeiture of more than $24 million in cryptocurrency seized from the defendant.
The Department of Justice (DOJ) on May 22 unsealed charges against a Russian citizen accused of leading a cybercriminal group responsible for the Qakbot malware, which has targeted hundreds of thousands of computers across the United States and globally.
Rustam Rafailevich Gallyamov, 48, of Moscow, allegedly created Qakbot in 2008 and began using it in 2019 to infect computers with ransomware, targeting companies in various sectors, including a dental clinic in Los Angeles, a music company in Tennessee and an insurance company in Maryland, according to the indictment.
After infiltrating victims’ computers, Gallyamov and his co-conspirators allegedly demanded ransom payments from victims seeking to regain access to their computers and prevent the release of stolen private data.
Prosecutors stated that Gallyamov also partnered with ransomware groups by giving them access to compromised computers in exchange for a share of the ransom payments collected from victims.
The DOJ said that it has filed a complaint seeking the forfeiture of more than $24 million in cryptocurrency seized from Gallyamov throughout the investigation, as it aims to return those funds to victims.
“The criminal charges and forfeiture case announced today are part of an ongoing effort with our domestic and international law enforcement partners to identify, disrupt, and hold accountable cybercriminals,” U.S. Attorney Bill Essayli for the Central District of California said in a statement.
“The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”
In 2023, a U.S.-led multinational operation—joined by France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia—disrupted the Qakbot botnet and malware, seizing about $8.6 million in cryptocurrency, according to a previous statement.
At the time, authorities discovered that Qakbot had infected more than 700,000 computers worldwide, including 200,000 in the United States.
According to the indictment, Gallyamov and his co-conspirators allegedly resorted to another hacking mechanism named the “spam bomb” attack to trick employees of targeted companies into granting access to their computer systems.
