The US Department of Justice (DOJ) has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency assets tied to Rustam Rafailevich Gallyamov, a Russian national accused of leading the development and distribution of the Qakbot malware.
According to a press release issued on May 22, the DOJ alleges Gallyamov played a central role in deploying Qakbot as part of a broader cybercrime operation that infected computers globally and enabled ransomware attacks.
From Malware Deployment to International Ransomware Attacks
Federal prosecutors claim that Gallyamov, who resides in Moscow, operated the botnet infrastructure behind Qakbot, a sophisticated piece of malware first deployed in 2008. The malware was used to compromise computers and then provide access to co-conspirators, who executed ransomware campaigns using variants such as REvil, Conti, Black Basta, and Cactus.
In return, Gallyamov reportedly received a share of the ransom proceeds. The DOJ emphasized that this seizure reflects a continued international effort involving law enforcement agencies from the US, Europe, and Canada to disrupt cybercriminal networks.
According to the DOJ's indictment, Gallyamov's cyber operations intensified from 2019 onwards, as Qakbot was used to infiltrate thousands of systems and build an expansive botnet. Once compromised, these systems were handed off to ransomware operators.
In August 2023, a US-led multinational task force successfully disrupted the Qakbot network and seized various crypto assets tied to the scheme, including 170 BTC and millions in stablecoins such as USDT and USDC. Despite that takedown, the DOJ alleges that Gallyamov and his partners continued targeting victims using other methods.
The latest DOJ complaint details how the accused shifted tactics following the 2023 disruption, including the use of "spam bomb" techniques that tricked employees into granting access to internal systems. Prosecutors assert that this newer approach allowed ransomware deployment to continue well into 2025.
These attacks reportedly included the use of Black Basta and Cactus ransomware to target victims in the United States. As part of the continued investigation, the FBI executed another seizure on April 25, 2025, retrieving over 30 BTC and more than $700,000 in stablecoins.
DOJ's International Coordination and Recovery Efforts
The DOJ's civil forfeiture complaint aims to formalize the seizure of over $24 million in illicit crypto proceeds, with the intent of returning these funds to victims. This effort underscores a coordinated global campaign involving the FBI's Los Angeles and Milwaukee field offices, Europol, and cybersecurity divisions from France, Germany, the Netherlands, and other countries.
The DOJ credited this collaboration for enabling swift identification and disruption of Gallyamov's operations. Assistant US Attorneys from the Central District of California and officials from the DOJ's Computer Crime and Intellectual Property Section are leading the prosecution.
In public remarks, DOJ and FBI officials reiterated their commitment to dismantling global cybercrime infrastructure and using all available legal tools, including indictments, forfeiture actions, and international law enforcement cooperation, to hold perpetrators accountable and compensate victims. US Attorney Bill Essayli for the Central District of California said:
The forfeiture action against more than $24 million in digital assets also demonstrates the Justice Department's commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.