US officials seized $24 million in crypto and charged Russian developer Rustam Gallyamov for running Qakbot.
The United States Department of Justice (DOJ) has filed a civil forfeiture complaint to seize more than $24 million in cryptocurrency from Rustam Rafailevich Gallyamov, a Russian national accused of developing the Qakbot malware.
According to an announcement on May 22, the DOJ also charged the 48-year-old Moscow resident in a federal indictment. Gallyamov is alleged to be the developer of the malicious software behind the Qakbot botnet.
“Today's announcement of the latest actions of the Ministry of Justice to counter the Qakbot malware program sends a clear message to the cybercrime community,” said Matthew Galeotti, chief of the DOJ Criminal Division.
Galeotti stressed that the DOJ is “determined to hold cybercriminals responsible”. He added that the department “will use each legal tool” to “identify you, invoice you, give up your badly acquired gains and disturb your criminal activity”.
More than $24 million has been confiscated
US Attorney Bill Essayli for the Central District of California explained that “the case of criminal accusations and confiscation announced today is part of a continuous effort” to “identify, disturb and hold cybercriminals responsible”. He added:
“Driving against more than $24 million in virtual assets also demonstrates the commitment of the Ministry of Justice to seize the poorly acquired assets of criminals in order to ultimately compensate for the victims.”
Deputy Director in Charge Akil Davis of the FBI's Los Angeles Field Office said that Qakbot had been crippled by the agency and its partners in 2023. However, Gallyamov allegedly continued to deploy alternative methods to offer his malicious software to potential partners.
Qakbot used in global ransomware attacks
Gallyamov is alleged to have operated the Qakbot malware in 2008. In 2019, he allegedly used it to infect thousands of victim computers to establish a so-called botnet.
Access to computers that were part of the botnet was sold to others, who infected them with ransomware, notably Prolock, Dopplepaymer, Egregor, REvil, Conti, Name Locker, Black Basta and Cactus. In 2023, an international operation led by the United States disrupted the Qakbot botnet and malware.
At the time, more than 170 bitcoin (BTC) and more than $4 million in the stablecoins USDT and USDC were seized from Gallyamov. According to the indictment, he and his collaborators continued the activity after the disruption, adopting new techniques, in particular directly deploying Black Basta and Cactus ransomware.