The US Department of Justice (DOJ) has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency assets tied to Rustam Rafailevich Gallyamov, a Russian national accused of leading the development and distribution of the Qakbot malware.
According to a press release issued on May 22, the DOJ alleges Gallyamov played a central role in deploying Qakbot as part of a broader cybercrime operation that infected computers globally and enabled ransomware attacks.
From Malware Deployment to Global Ransomware Attacks
Federal prosecutors claim that Gallyamov, who resides in Moscow, operated the botnet infrastructure behind Qakbot, a sophisticated piece of malware first deployed in 2008. The malware was used to compromise computers and then provide access to co-conspirators, who executed ransomware campaigns using variants such as REvil, Conti, Black Basta, and Cactus.
In return, Gallyamov reportedly received a share of the ransom proceeds. The DOJ emphasized that this seizure reflects a continued international effort involving law enforcement agencies from the US, Europe, and Canada to disrupt cybercriminal networks.
According to the DOJ’s indictment, Gallyamov’s cyber operations intensified from 2019 onwards, as Qakbot was used to infiltrate thousands of systems and build an expansive botnet. Once compromised, these systems were handed off to ransomware operators.
In August 2023, a US-led multinational task force successfully disrupted the Qakbot network and seized various crypto assets tied to the scheme, including 170 BTC and millions in stablecoins such as USDT and USDC. Despite that takedown, the DOJ alleges that Gallyamov and his partners continued targeting victims using alternative methods.
The latest DOJ complaint details how the accused shifted tactics following the 2023 disruption, including the use of “spam bomb” techniques that tricked employees into opening access to internal systems. Prosecutors assert that this newer approach allowed ransomware deployment to continue well into 2025.
These attacks reportedly included the use of Black Basta and Cactus ransomware to target victims in the United States. As part of the ongoing investigation, the FBI executed another seizure on April 25, 2025, retrieving over 30 BTC and more than $700,000 in stablecoins.
DOJ’s International Coordination and Recovery Efforts
The DOJ’s civil forfeiture complaint aims to formalize the seizure of over $24 million in illicit crypto proceeds, with the intent of returning these funds to victims. This effort underscores a coordinated global campaign involving the FBI’s Los Angeles and Milwaukee field offices, Europol, and cybersecurity divisions from France, Germany, the Netherlands, and other countries.
The DOJ credited this collaboration for enabling swift identification and disruption of Gallyamov’s operations. Assistant US Attorneys from the Central District of California and officials from the DOJ’s Computer Crime and Intellectual Property Section are leading the prosecution.
In public remarks, DOJ and FBI officials reiterated their commitment to dismantling global cybercrime infrastructure and using all available legal tools, including indictments, forfeiture actions, and international law enforcement cooperation, to hold perpetrators accountable and compensate victims. US Attorney Bill Essayli for the Central District of California said:
“The forfeiture action against more than $24 million in digital assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”