The US Department of Justice (DOJ) has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency assets tied to Rustam Rafailevich Gallyamov, a Russian national accused of leading the development and distribution of the Qakbot malware.
According to a press release issued on May 22, the DOJ alleges Gallyamov played a central role in deploying Qakbot as part of a broader cybercrime operation that infected computers globally and enabled ransomware attacks.
From Malware Deployment to Global Ransomware Attacks
Federal prosecutors claim that Gallyamov, who resides in Moscow, operated the botnet infrastructure behind Qakbot, a sophisticated piece of malware first deployed in 2008. The malware was used to compromise computers and then provide access to co-conspirators, who executed ransomware campaigns using variants such as REvil, Conti, Black Basta, and Cactus.
In return, Gallyamov reportedly received a share of the ransom proceeds. The DOJ emphasized that this seizure reflects a continued international effort involving law enforcement agencies from the US, Europe, and Canada to disrupt cybercriminal networks.
According to the DOJ's indictment, Gallyamov's cyber operations intensified from 2019 onwards, as Qakbot was used to infiltrate thousands of systems and build an expansive botnet. Once compromised, these systems were handed off to ransomware operators.
In August 2023, a US-led multinational task force successfully disrupted the Qakbot network and seized various crypto assets tied to the scheme, including 170 BTC and millions in stablecoins such as USDT and USDC. Despite that takedown, the DOJ alleges that Gallyamov and his associates continued targeting victims using alternative methods.
The latest DOJ complaint details how the accused shifted tactics following the 2023 disruption, including the use of "spam bomb" techniques that tricked employees into granting access to internal systems. Prosecutors assert that this newer approach allowed ransomware deployment to continue well into 2025.
These attacks reportedly included the use of Black Basta and Cactus ransomware to target victims in the United States. As part of the ongoing investigation, the FBI executed another seizure on April 25, 2025, retrieving over 30 BTC and more than $700,000 in stablecoins.
DOJ's International Coordination and Recovery Efforts
The DOJ's civil forfeiture complaint aims to formalize the seizure of over $24 million in illicit crypto proceeds, with the intent of returning these funds to victims. This effort underscores a coordinated global campaign involving the FBI's Los Angeles and Milwaukee field offices, Europol, and cybersecurity divisions from France, Germany, the Netherlands, and other countries.
The DOJ credited this collaboration for enabling swift identification and disruption of Gallyamov's operations. Assistant US Attorneys from the Central District of California and officials from the DOJ's Computer Crime and Intellectual Property Section are leading the prosecution.
In public remarks, DOJ and FBI officials reiterated their commitment to dismantling global cybercrime infrastructure and using all available legal tools, including indictments, forfeiture actions, and international law enforcement cooperation, to hold perpetrators accountable and compensate victims. US Attorney Bill Essayli for the Central District of California said:
The forfeiture action against more than $24 million in digital assets also demonstrates the Justice Department's commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.