The U.S. Department of Justice (DOJ) made headlines on May 23 with the announcement that it had successfully seized over $24 million in cryptocurrency from a Russian national allegedly involved in cybercrime activities. The suspect, identified as Rustam Rafailevich Gallyamov, hailing from Moscow, was accused of being the mastermind behind the Qakbot malware operation.
According to the unsealed federal indictment, Gallyamov, 48, was the lead developer behind the Qakbot malware, which he has allegedly developed and controlled since 2008. The malware was used to infect thousands of computers globally, creating a botnet that was later used to launch large-scale ransomware attacks. The DOJ, in collaboration with international partners, led the investigation into Gallyamov’s cybercrime activities and aims to return the recovered assets to the victims.
Gallyamov’s involvement in the cybercrime world didn’t stop at developing the Qakbot malware. He allegedly provided access to the botnet to other cybercriminal groups from 2019 onwards, enabling them to carry out ransomware attacks using strains like REvil, Conti, Black Basta, and Cactus. In exchange for his services, Gallyamov reportedly received a share of the ransom payments.
Despite authorities disrupting the Qakbot botnet in August 2023 and seizing over 170 Bitcoin and $4 million in USDT and USDC from Gallyamov, he continued his illicit activities using new tactics such as “spam bomb” attacks. These tactics involved inundating victims with emails to deceive them into granting access to their systems, with prosecutors alleging that Gallyamov engaged in these activities as recently as January 2025.
The FBI’s relentless pursuit of Gallyamov led to the seizure of an additional 30 Bitcoin and over $700,000 in USDT from him in April, bringing the total confiscated amount to over $24 million. This sum has been included in a civil-forfeiture case in the Central District of California, with the DOJ committed to returning the funds to ransomware victims.
The investigation into Gallyamov’s cybercrimes was spearheaded by the FBI’s Los Angeles Field Office in coordination with law enforcement agencies in France, Germany, the Netherlands, Denmark, the UK, Canada, and Europol. This latest case is part of a broader crackdown by the U.S. on cybercrime activities involving cryptocurrency, with recent charges brought against individuals involved in ransomware groups and crypto-driven racketeering schemes.
The DOJ’s actions against Gallyamov and other cybercriminals signal a clear message that law enforcement agencies are determined to hold accountable those who engage in illicit activities using cryptocurrency. As the digital landscape evolves, the DOJ remains vigilant in its efforts to combat cybercrime and protect victims from financial harm.