
The US Department of Justice (DOJ) recently filed a civil forfeiture complaint to seize over $24 million in cryptocurrency from Rustam Rafailevich Gallyamov, a native of Russia accused of creating the notorious Qakbot malware. Following the unsealing of charges against the 48-year-old Moscow resident, the DOJ publicly expressed its unwavering determination to hold accountable those who carry out cybercriminal activity.
According to the indictment, Gallyamov has been operating the Qakbot malware since 2008. It’s alleged that he used it to build a botnet by infecting thousands of unsuspecting users' computers. Access to the botnet was then sold to others, who proceeded to infect the computers with more potent and damaging malware, including ransomware such as ProLock, DoppelPaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus.
The persistence and ingenuity of cybercriminals like Gallyamov are a growing concern. Despite successful efforts by the FBI and its industry partners to cripple Qakbot in 2023, Gallyamov allegedly continued diversifying his methods and offering malware to potential cohorts. That same year, an international operation led by the US managed to disrupt the Qakbot botnet and malware.
Notably, during that disruption, over 170 Bitcoin and more than $4 million in USDt and USDC stablecoin currencies were seized from Gallyamov. Even after this blow to their operation, the indictment alleges that Gallyamov and his co-conspirators pursued their illicit activities, deploying new techniques and malware like Black Basta and Cactus ransomware.
The DOJ has made it clear that it is committed to identifying, disrupting, and holding accountable cybercriminals. The forfeiture case forms part of an ongoing effort to not only catch and penalize these criminals but also to seize their ill-gotten gains and ultimately compensate their victims. This serves as a stark reminder to the public about the importance of cybersecurity and exercising caution online.