US Charges Russian Suspected of Leading Global Cybercrime Ring

A US federal indictment unsealed Thursday accuses Rustam Rafailevich Gallyamov, a 48-year-old Moscow resident, of leading a cybercrime group that caused widespread financial harm around the world. The network targeted victims across the US and various industries, from a dental office in Los Angeles to a music company in Tennessee.

Cryptocurrency Seizure and Ongoing Law Enforcement Efforts

The Justice Department is actively working to return over $24 million in cryptocurrency allegedly stolen by Gallyamov and confiscated by authorities. This case is part of a long-term effort by US law enforcement to disrupt ransomware operations run by Russia-based criminals targeting US critical infrastructure.

Due to the lack of an extradition treaty and Moscow’s reluctance to pursue hackers on Russian soil unless they attack domestic targets, US officials face hurdles in bringing such criminals to justice.

The Qakbot Malware and Its Role in Ransomware Attacks

Gallyamov allegedly developed Qakbot in 2008, a malware that has infected hundreds of thousands of computers globally and facilitated damaging ransomware attacks on health care and government agencies. Prosecutors say he received significant profits by renting access to Qakbot to ransomware gangs, including a $300,000 share from attacks on a Tennessee music company.

Following a 2023 takedown of the Qakbot network by the FBI and European authorities, Gallyamov and his associates reportedly adapted by “spam bombing” companies with fake IT support offers to exploit victims further.

Among Gallyamov’s clients was the Conti ransomware gang, responsible for tens of millions in extortion revenue before being disrupted by leaks connected to the Russia-Ukraine conflict. After Conti’s fall, Gallyamov is alleged to have shifted focus to other cybercriminal groups.

Featured image credit: Wikimedia Commons

For more stories like it, click the +Follow button at the top of this page to follow us.