The United States Ministry of Justice charged a Russian national, Rustam Gallyamov, for having directed a major world cybercrime ring behind the famous Qakbot malware. The authorities have seized more than $ 24 million in cryptography linked to the operation, which should be returned to the victims.
The indictment of May 22, 2025 is an important stage of the American authorities in their fight against ransomware attacks. This is part of a broader campaign of application of the law (such as the Endgame operation) to target cybercriminals that have used malicious software like Qakbot to infect systems worldwide, demand ransom and steal data and funds.
The victims included a wide range of companies, small Los Angeles dental clinics to Nebraska technological companies, Wisconsin manufacturers and even real estate companies in Canada.
The United States and the Allies unite against cybercrime
“The accusations announced today illustrate the FBI’s commitment to keep those responsible for those who target the Americans tirelessly and to demand a ransom, even when they live halfway in the world,” said Akil Davis, deputy director in charge of the FBI field office in Los Angeles.
These movements are part of a global repression of cybercrime, with the United States, France, Germany, the Netherlands, Denmark, the United Kingdom and Canada working together to fight cybercrime, the statement said.
Gallyamov malware has infected more than 700,000 computers since 2008
Gallymov has been accused of having managed the Qakbot malware since 2008, infected more than 700,000 computers worldwide and allowing important ransomware attacks like Conti, Black Basta and Revil. Gallyamov received part of the ransoms received from the victims.
In August 2023, an international operation led by the United States killed the Qakbot botnet, where the authorities seized more than 170 bitcoins and more than $ 4 million in USDT and USDC in Gallyamov.
Even after that, he kept his cybercrime activity by going to new tactics such as “spam bomb” attacks. He continued to attack systems as recently as January 2025 by flooding email victims, encouraging employees to give hackers.
Consequently, as part of the “Endgame operation”, the FBI seized 30 other bitcoins and $ 700,000 in Gallyamov USDT. The DoJ also filed a civil confiscation case to definitively demand the $ 24 million in crypto total seizure, with plans to make funds for the victims. If he is found guilty, he would risk a maximum statutory sentence of 25 years in federal prison.
Tornado Cash Creator also under federal investigation
This is only the last decision in the great American repression of cybercrime. In December 2024, they billed Rostislav Panev, a Russian-Israeli pirate linked to locking ransomware, for having created malicious software that helped criminals hack networks and demanding ransoms, with more than $ 230,000 in crypto.
In May 2025, 12 young people, mostly young people, were accused of having organized a cryptographic racket program of $ 263 million. They used the stolen money to buy luxury jets and cars.
The federal authorities also continue after Roman Storm, the creator of Tornado Cash, who is accused of having laundered billions of illegal crypto.
