US Indicts Russian National Over Alleged Role in Qakbot Ransomware Attacks

Federal prosecutors also filed a complaint seeking the forfeiture of more than $24 million in cryptocurrency seized from the defendant.
Aldgra Fredly

The Department of Justice (DOJ) on May 22 unsealed charges against a Russian citizen accused of leading a cybercriminal group responsible for the Qakbot malware, which has targeted hundreds of thousands of computers across the United States and globally.

Rustam Rafailevich Gallyamov, 48, of Moscow, allegedly created Qakbot in 2008 and began using it in 2019 to infect computers with ransomware, targeting companies in various sectors, including a dental clinic in Los Angeles, a music company in Tennessee and an insurance company in Maryland, according to the indictment.

After infiltrating victims’ computers, Gallyamov and his co-conspirators allegedly demanded ransom payments from victims seeking to regain access to their computers and prevent the release of stolen private data.

Prosecutors stated that Gallyamov also partnered with ransomware groups by giving them access to compromised computers in exchange for a share of the ransom payments collected from victims.

The DOJ said that it has filed a complaint seeking the forfeiture of more than $24 million in cryptocurrency seized from Gallyamov throughout the investigation, as it aims to return those funds to victims.

“The criminal charges and forfeiture case announced today are part of an ongoing effort with our domestic and international law enforcement partners to identify, disrupt, and hold accountable cybercriminals,” U.S. Attorney Bill Essayli for the Central District of California said in a statement.

“The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”

In 2023, a U.S.-led multinational operation—joined by France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia—disrupted the Qakbot botnet and malware, seizing about $8.6 million in cryptocurrency, according to a previous statement.

At the time, authorities discovered that Qakbot had infected more than 700,000 computers worldwide, including 200,000 in the United States.

According to the indictment, Gallyamov and his co-conspirators allegedly resorted to another hacking mechanism named the “spam bomb” attack to trick employees of targeted companies into granting access to their computer systems.

Earlier this year, the defendant allegedly carried out spam bomb attacks against companies in the United States by flooding their inboxes with email subscriptions, the DOJ stated.

“Mr. Gallyamov’s bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,” Akil Davis, assistant director in charge at the FBI’s Los Angeles Field Office, said in a statement.

Gallyamov could be sentenced to up to 25 years in prison if found guilty of the charges.

The Epoch Times could not reach Gallyamov or his legal representative by publication time.