• DOJ seizes $24M in crypto from Qakbot suspect Gallyamov.
• Qakbot malware enabled ransomware attacks since 2008.
• 2023 operation disrupted Qakbot, seizing Bitcoin and stablecoins.
• Forfeited funds aim to compensate ransomware victims.
• DOJ intensifies crackdown on global cybercrime networks.

The U.S. Department of Justice has taken action against a Russian national accused of orchestrating the Qakbot malware operation. Authorities seized over $24 million in cryptocurrency linked to Rustam Rafailevich Gallyamov, who allegedly developed the notorious malware. The civil forfeiture complaint targets assets tied to a botnet responsible for significant global cyber damage.


Gallyamov, a Russian citizen, faces charges for his role in the Qakbot malware, which has been active since 2008. The malware infected systems worldwide, enabling ransomware attacks that caused hundreds of millions in losses. Federal prosecutors aim to confiscate the seized digital assets to compensate victims of these cyberattacks.


Qakbot’s Role in Ransomware Attacks


Qakbot facilitated ransomware operations by providing access to compromised computers. Cybercriminals used the botnet to deploy ransomware strains like Prolock, DoppelPaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus. These attacks targeted U.S. clinics, companies, and government systems, extracting substantial ransoms.

In 2023, a U.S.-led international operation disrupted Qakbot’s infrastructure. Authorities seized over 170 Bitcoin, along with $4 million in USDT and USDC stablecoins from Gallyamov’s accounts. The operation dismantled parts of the botnet, significantly weakening its global reach. The DOJ’s latest action builds on these efforts to hold perpetrators accountable.

Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles Field Office, emphasized the impact: “The 2023 takedown crippled Qakbot, and this forfeiture underscores our commitment to seizing illicit gains.” The DOJ aims to redirect the confiscated funds to victims, addressing the financial harm caused by the malware.

Ongoing Efforts to Combat Cybercrime

The DOJ’s forfeiture action is part of a broader crackdown on cybercrime networks. Gallyamov’s indictment coincides with charges against 16 others linked to the DanaBot malware, which caused over $50 million in damages. Operation Endgame, a global initiative, supported these efforts by targeting major malware networks.

The seized $24 million includes various cryptocurrencies held in wallets controlled by Gallyamov. Federal authorities traced these assets through blockchain analysis, a method increasingly used to combat cybercrime. The DOJ’s focus on digital assets reflects the growing role of cryptocurrency in illicit activities.

Victims of Qakbot-related ransomware attacks may benefit from the seized funds. The DOJ has prioritized restitution, aiming to provide relief to those affected by the botnet’s operations. This action sends a clear message to cybercriminals: illicit gains are not beyond the reach of law enforcement.

The case highlights the challenges of combating sophisticated malware networks. Qakbot’s long history, spanning over a decade, underscores the persistence of cyber threats. Authorities continue to develop strategies to disrupt such operations and recover stolen assets.