According to Cointelegraph, the United States Department of Justice (DOJ) has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency from Rustam Rafailevich Gallyamov, a Russian national accused of developing the Qakbot malware. This action follows a federal indictment unsealed on May 22, charging the 48-year-old Muscovite with being the mastermind behind the Qakbot botnet. The DOJ's criminal division head, Matthew Galeotti, emphasized the department's commitment to combating cybercrime, stating that they are determined to hold cybercriminals accountable and will utilize every legal tool available to identify, charge, and disrupt their activities.
U.S. Attorney Bill Essayli for the Central District of California elaborated on the ongoing efforts to identify and disrupt cybercriminals, highlighting the significance of the forfeiture action against more than $24 million in virtual assets. This move underscores the DOJ's dedication to seizing ill-gotten gains from criminals to ultimately compensate victims. Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office noted that the Qakbot malware was significantly disrupted by the agency and its partners in 2023. However, Gallyamov allegedly continued to find alternative methods to distribute his malware to potential collaborators.
Gallyamov is accused of operating the Qakbot malware since 2008, using it to infect thousands of computers and establish a botnet. This network of compromised computers was then sold to other cybercriminals who used it to deploy ransomware, including Prolock, DoppelPaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus. In 2023, a U.S.-led international operation successfully disrupted the Qakbot botnet and malware. Despite this setback, Gallyamov and his associates allegedly continued their activities, adopting new techniques such as directly deploying Black Basta and Cactus ransomware. During the operation, authorities seized over 170 Bitcoin and more than $4 million in USDt and USDC stablecoins from Gallyamov, further illustrating the scale of the cybercriminal enterprise.