Key Takeaways:
- The U.S. Department of Justice seized over $24 million in crypto linked to a Russian national.
- The suspect allegedly ran a cybercrime operation that infected computers worldwide and later facilitated ransomware attacks.
- The FBI, in collaboration with international partners, led the investigation and plans to return the recovered assets to the victims.
The U.S. Department of Justice (DOJ) announced on May 23 that it has seized over $24 million in cryptocurrency from a Russian national accused of developing and operating the Qakbot malware.
The unsealed federal indictment identifies Rustam Rafailevich Gallyamov, 48, of Moscow, as the lead developer behind Qakbot. Gallyamov now faces federal charges for allegedly leading a global cybercrime group that infected computers with malware and facilitated large-scale ransomware attacks.
U.S. Charges Russian Hacker Behind Qakbot and Disrupts Its Operation
According to the DOJ, Gallyamov created and managed the malware starting in 2008 and later used it to infect hundreds of computers worldwide. These infected systems were then used to build a botnet, which became a platform for widespread ransomware attacks.
“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime group,” said Matthew R. Galeotti, head of the DOJ’s Criminal Division. “We are determined to hold cybercriminals accountable and will use every legal tool at our disposal.”
From 2019 onward, Gallyamov is accused of giving access to this botnet to other cybercriminal groups. These groups then deployed ransomware strains such as REvil, Conti, Black Basta, and Cactus. In return, Gallyamov allegedly received a share of the ransom payments.
The Qakbot botnet was disrupted in August 2023 as part of a U.S.-led international operation. At the time, authorities seized over 170 Bitcoin and more than $4 million in USDT and USDC from Gallyamov.
However, according to prosecutors, Gallyamov continued his cyber activities even after the takedown. Instead of relying on the botnet, Gallyamov and his associates allegedly switched to new tactics, including “spam bomb” attacks.
These involved flooding victims with emails to trick employees into granting access to their systems. Prosecutors say he continued this activity as recently as January 2025.
“The charges announced today exemplify the FBI’s commitment to relentlessly hold accountable individuals who target Americans and demand ransom, even when they live halfway across the world,” said Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles Field Office.
On April 25, the FBI seized another 30 Bitcoin along with more than $700,000 in USDT from Gallyamov under a court warrant. The haul, valued at over $24 million, has been folded into a civil-forfeiture case in the Central District of California, and the Justice Department says it will return the money to ransomware victims.
U.S. Attorney Bill Essayli emphasized the department’s goals, stating, “The forfeiture action against more than $24 million in digital assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”
The investigation was led by the FBI’s Los Angeles Field Office in coordination with law enforcement in France, Germany, the Netherlands, Denmark, the UK, Canada, and Europol.
New DOJ Cases Indicate Broader U.S. Crackdown on Crypto-Backed Cybercrime
The $24 million crypto seizure from a Qakbot-linked developer is just the latest in a sweeping U.S. crackdown on cybercrime.
In December 2024, U.S. authorities charged Rostislav Panev, a dual Russian-Israeli national, for his alleged role in the notorious LockBit ransomware group.
Panev, who was arrested in Israel last August, remains in custody as extradition proceedings continue. The DOJ describes him as a key developer behind malware tools used to disable antivirus software, access victim networks, and issue ransom demands.
Authorities say he was behind malware that disabled antivirus software and delivered ransom notes through infected devices. Investigators also traced over $230,000 in crypto payments allegedly linked to his activity.
His lawyer claims he unknowingly created software used by the group and is cooperating with law enforcement.
Meanwhile, in a sweeping May 2025 indictment, U.S. officials charged 12 people, including Americans and foreign nationals mostly aged 18 to 21, for a crypto-driven racketeering scheme that netted $263 million.
Prosecutors allege the group engaged in coordinated cyberattacks, laundering stolen funds through lavish purchases like private jets, exotic cars, and luxury goods.
Federal charges are also advancing against Roman Storm, the developer of the sanctioned mixing service Tornado Cash. Authorities claim the platform was instrumental in laundering billions in illicit crypto.
The post Qakbot Malware Developer’s $24M in Crypto Seized – Is a Larger DOJ Crackdown Coming? appeared first on Cryptonews.