Qakbot Malware Developer’s $24M in Crypto Seized – Is a Bigger DOJ Crackdown Coming?

The U.S. Department of Justice (DOJ) announced on May 23 that it has seized over $24 million in cryptocurrency from a Russian national accused of developing and operating the Qakbot malware.

The unsealed federal indictment identifies Rustam Rafailevich Gallyamov, 48, of Moscow, as the lead developer behind Qakbot. Gallyamov now faces federal charges for allegedly leading a global cybercrime group that infected computers with malware and facilitated large-scale ransomware attacks.

U.S. Charges Russian Hacker Behind Qakbot and Disrupts Its Operation

According to the DOJ, Gallyamov created and controlled the malware beginning in 2008 and later used it to infect thousands of computers worldwide. These infected systems were then used to build a botnet, which became a platform for widespread ransomware attacks.

“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew R. Galeotti, head of the DOJ’s Criminal Division. “We are determined to hold cybercriminals accountable and will use every legal tool at our disposal.”

From 2019 onward, Gallyamov is accused of giving access to this botnet to other cybercriminal groups. These groups then deployed ransomware strains such as REvil, Conti, Black Basta, and Cactus. In return, Gallyamov allegedly received a share of the ransom payments.

The Qakbot botnet was disrupted in August 2023 as part of a U.S.-led international operation. At the time, authorities seized over 170 Bitcoin and more than $4 million in USDT and USDC from Gallyamov.

However, according to prosecutors, Gallyamov continued his cyber activities even after the takedown. Instead of relying on the botnet, Gallyamov and his associates allegedly switched to new tactics, including “spam bomb” attacks.

These involved flooding victims with emails to trick employees into granting access to their systems. Prosecutors say he continued this activity as recently as January 2025.

“The charges announced today exemplify the FBI’s commitment to relentlessly hold accountable individuals who target Americans and demand ransom, even when they live halfway across the world,” said Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles Field Office.

On April 25, the FBI seized another 30 Bitcoin along with more than $700,000 in USDT from Gallyamov under a court warrant. The haul—valued at over $24 million—has been folded into a civil-forfeiture case in the Central District of California, and the Justice Department says it will return the money to ransomware victims.

U.S. Attorney Bill Essayli emphasized the department’s goals, stating, “The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”

The investigation was led by the FBI’s Los Angeles Field Office in coordination with law enforcement in France, Germany, the Netherlands, Denmark, the UK, Canada, and Europol.

New DOJ Cases Indicate Broader U.S. Crackdown on Crypto-Backed Cybercrime

The $24 million crypto seizure from a Qakbot-linked developer is only the latest in a sweeping U.S. crackdown on cybercrime.

In December 2024, U.S. authorities charged Rostislav Panev, a dual Russian-Israeli national, for his alleged role in the notorious LockBit ransomware group.

Panev, who was arrested in Israel last August, remains in custody as extradition proceedings continue. The DOJ describes him as a key developer behind malware tools used to disable antivirus software, access victim networks, and issue ransom demands.

Authorities say he was behind malware that disabled antivirus software and delivered ransom notes via infected devices. Investigators also traced over $230,000 in crypto payments allegedly linked to his activity.

His lawyer claims he unknowingly created software used by the group and is cooperating with law enforcement.

Meanwhile, in a sweeping May 2025 indictment, U.S. officials charged 12 people, including Americans and foreign nationals mostly aged 18 to 21, for a crypto-driven racketeering scheme that netted $263 million.

Prosecutors allege the group engaged in coordinated cyberattacks, laundering stolen funds through lavish purchases like private jets, exotic cars, and luxury goods.

Federal charges are also advancing against Roman Storm, the developer of the sanctioned mixing service Tornado Cash. Authorities claim the platform was instrumental in laundering billions in illicit crypto.

The post Qakbot Malware Developer’s $24M in Crypto Seized – Is a Bigger DOJ Crackdown Coming? appeared first on Cryptonews.

Credit: Source link