The FBI and international partners have seized over $24 million in cryptocurrency from a Russian malware mastermind, Rustam Rafailevich Gallyamov. Gallyamov is accused of leading the development and distribution of the notorious Qakbot malware.
Qakbot: A Malware Empire
Qakbot, a sophisticated piece of malware active since 2008, was used to infect computers worldwide. Gallyamov allegedly controlled the botnet infrastructure, allowing him and his associates to launch ransomware attacks using malware like REvil, Conti, Black Basta, and Cactus. He reportedly received a cut of the ransom payments.
A Global Takedown and Continued Attacks
A major international operation in August 2023 disrupted the Qakbot network, seizing a significant amount of cryptocurrency. However, Gallyamov didn’t stop there. He adapted his tactics, using “spam bombs” to trick employees into giving access to company systems. This allowed ransomware attacks to continue, targeting victims in the US with Black Basta and Cactus ransomware, even into 2025.
Another Seizure and International Cooperation
A further seizure in April 2025 netted over 30 BTC and more than $700,000 in stablecoins. This, combined with the earlier seizure, brings the total recovered assets to over $24 million. The success of these operations highlights the crucial collaboration between the FBI (Los Angeles and Milwaukee field offices), Europol, and cybersecurity agencies in France, Germany, the Netherlands, and other countries.
Justice Served (and Victims Compensated)
This massive cryptocurrency seizure aims to compensate victims of Gallyamov’s crimes. The Department of Justice (DOJ) is committed to dismantling global cybercrime networks and holding perpetrators accountable, using every tool at its disposal, including international cooperation and asset forfeiture. The DOJ emphasized its dedication to seizing ill-gotten gains and returning them to those who were harmed.
