• DOJ seized over $24 million in cryptocurrency tied to Qakbot malware developer Rustam Gallyamov.

• Qakbot facilitated global ransomware attacks, involving multiple ransomware strains.

• The seizure reflects coordinated US efforts to disrupt cybercrime and recover illicit digital assets.

The US Department of Justice (DOJ) has moved to seize over $24 million in cryptocurrency linked to Rustam Rafailevich Gallyamov. The Russian national faces federal charges for developing the notorious Qakbot malware. The DOJ announced these actions on May 22, unsealing a civil forfeiture complaint alongside a federal indictment.

Charges Filed Against Qakbot Developer

Rustam Rafailevich Gallyamov, 48, from Moscow, is accused of creating and operating the Qakbot botnet. This malware has been used globally to facilitate ransomware attacks by infecting thousands of computers. The DOJ’s filing signals a major effort to disrupt cybercriminal networks and reclaim illicit profits tied to digital crime.

Matthew Galeotti, who leads the DOJ’s criminal division, said the department remains committed to holding cybercriminals accountable. He stated the DOJ will apply every legal measure to identify, charge, and seize assets from those involved in such activities. Bill Essayli, the US Attorney for California’s Central District, explained that the forfeiture case forms part of an ongoing initiative to dismantle cybercrime.

He said the DOJ’s action demonstrates its resolve to confiscate criminal earnings and help compensate victims. The seized cryptocurrency exceeds $24 million in value. This amount represents proceeds from the operation of the Qakbot malware, which has inflicted financial harm worldwide. Assistant FBI Director Akil Davis of the Los Angeles Field Office confirmed the Qakbot botnet was disrupted in 2023 through a US-led international operation.

Qakbot’s Role in Global Ransomware Campaigns

Alim Gallyamov started using Qakbot in 2008, according to the Russian security services. In 2019, the malware turned computers from all over the world into a major botnet. Those controlling the infected machines found buyers among cybercriminals who used different forms of ransomware. The ransomware linked to Qakbot infections includes Prolock, DoppelPaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus.

Even after the 2023 disruption of Qakbot’s infrastructure, Gallyamov reportedly tried alternative methods to distribute his malware to partners. The seizure and indictment mark coordinated efforts by US agencies to counteract cybercrime threats. The DOJ and FBI continue targeting criminal operators to interrupt their illicit operations. The forfeiture complaint allows the government to claim digital assets derived from criminal conduct.

The case underscores growing law enforcement focus on digital currency as a means to recover proceeds from cybercrime. Authorities maintain efforts to trace and confiscate assets regardless of the cryptocurrency’s form or location. Gallyamov’s case is a further sign that the DOJ is determined to fight serious cyber threats. Taking possession of $24 million in cryptocurrency points to the huge amounts these networks can control. According to investigators, those found to be cybercriminals will be held liable for their actions.