In a world where the shadows of cybercrime loom large, the US Department of Justice (DOJ) has taken a bold step, filing a civil forfeiture complaint to seize a staggering $24 million in cryptocurrency from none other than Rustam Rafailevich Gallyamov, a Russian national who has been accused of conjuring the infamous Qakbot malware. Ah, the irony of a digital thief caught in the web of his own making!
On May 22, the DOJ unsealed charges against the 48-year-old Moscovite, who, like a modern-day sorcerer, allegedly crafted the Qakbot botnet. One can only imagine the late-night coding sessions fueled by copious amounts of caffeine and questionable life choices.
“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” proclaimed Matthew Galeotti, head of the DOJ’s criminal division. A message indeed, though one might wonder if the cybercriminals are listening or simply laughing from their darkened basements.
Galeotti emphasized that the DOJ is “determined to hold cybercriminals accountable.” He added that the department will “use every legal tool” to “identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.” Sounds like a game of digital whack-a-mole, doesn’t it?
Over $24 million forfeited
US Attorney Bill Essayli for the Central District of California explained that “the criminal charges and forfeiture case announced today are part of an ongoing effort” to “identify, disrupt, and hold accountable cybercriminals.” He added:
“The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”
Assistant Director in Charge Akil Davis of the FBI’s Los Angeles Field Office stated that Qakbot was crippled by the agency and its partners in 2023. Yet, like a cockroach that refuses to die, Gallyamov allegedly continued deploying alternative methods to offer his malware to potential partners. One must admire the tenacity, if not the ethics.
Qakbot used in global ransomware attacks
Gallyamov allegedly operated the Qakbot malware as far back as 2008. In 2019, he allegedly used it to infect thousands of victim computers, establishing a so-called botnet. A digital empire built on the backs of unsuspecting users—how quaint!
Access to computers that were part of the botnet was sold to others who infected them with ransomware, including Prolock, Dopplepaymer, Egregor, REvil, Conti, Name Locker, Black Bast, and Cactus. In 2023, a US-led international operation disrupted the Qakbot botnet and malware, but not before Gallyamov had a chance to cash in.
At the time, over 170 Bitcoin (BTC) and over $4 million in USDt (USDT) and USDC (USDC) stablecoins were seized from Gallyamov. According to the indictment, he and his collaborators continued their nefarious activities after the disruption, adopting new techniques, including directly deploying Black Basta and Cactus ransomware. Truly, the spirit of innovation knows no bounds in the underbelly of the internet!
Read More
- Clash Royale Best Boss Bandit Champion decks
- RAVEN2 redeem codes and how to use them (October 2025)
- Kingdom Rush Battles Tower Tier List
- Clash Royale Furnace Evolution best decks guide
- Delta Force Best Settings and Sensitivity Guide
- Cookie Run: Kingdom Boss Rush Season 2-2 Guide and Tips
- Ninja Arashi 2 Shadow’s Return expands the hit ARPG sequel with more content, ahead of Ninja Arashi 3’s launch later this year
- Kingdom Rush Battles Hero Tier List
- BBC spy drama with James Norton dubbed “the story that shocked Britain” is now on Netflix
- Vampire’s Fall 2 redeem codes and how to use them (June 2025)
2025-05-23 18:09