The U.S. Department of Justice has taken new action against a Russian man accused of building and running the Qakbot malware. On April 25, agents seized over $24 million in cryptocurrency from Rustam Rafailevich Gallyamov.
The government used a civil forfeiture complaint to seize those funds. According to the allegations, Gallyamov organized a cybercrime gang that stole information using malware and distributed ransomware.
The FBI monitored Gallyamov over the years. He began spreading malware in 2008. By 2019, Qakbot had infected thousands of computers across the world, giving attackers remote access to them.
Qakbot down, crypto crimes persist
The attackers then conducted ransomware attacks using software such as REvil, Conti, and Black Basta. Gallyamov received a share of the ransom money. In August 2023, the Qakbot botnet was dismantled by international law enforcement.
But Gallyamov persisted. He employed new tactics such as email spam attacks to reach victims. Authorities say he continued to target U.S. systems as late as January 2025.
The confiscated crypto totaled over 200 bitcoins and significant volumes of stablecoins. The DOJ indicated it will attempt to return the funds to the victims. The investigation relied on assistance from France, Germany, the Netherlands, Denmark, Canada, and the United Kingdom.
Crypto seizure fuels global crackdown
The Los Angeles-based case was led by the FBI, with assistance from European agents and the DOJ cybercrime team. The civil complaint seeks full forfeiture of the seized assets. Gallyamov is charged with a crime. The court will rule.
The case is part of a bigger operation codenamed Operation Endgame, whose goal is to dismantle large cybercrime syndicates. Law enforcement says the case sends a message: cybercrime perpetrators will face real consequences regardless of where they are hiding.