DOJ Seizes $24 Million in Cryptocurrency Linked to Qakbot Malware

Coin World, Friday, May 23, 2025, 10:40 am ET

The US Department of Justice (DOJ) has taken decisive action against Rustam Rafailevich Gallyamov, a Russian national accused of developing the Qakbot malware. The DOJ filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's alleged cybercrime activities. This move is part of a broader effort to disrupt and hold accountable cybercriminals who exploit malware for financial gain.

Gallyamov, a 48-year-old resident of Moscow, is alleged to have been the mastermind behind the Qakbot botnet, a malicious software network that has been used in various global ransomware attacks since 2008. The Qakbot malware has been associated with several high-profile ransomware strains, including Prolock, Dopplepaymer, Egregor, REvil, , Name , Black Basta, and . These ransomware attacks have targeted thousands of victim computers, causing significant financial and operational disruptions.

The DOJ's action follows a US-led international operation in 2023 that successfully disrupted the Qakbot botnet and malware. Despite this disruption, Gallyamov and his collaborators allegedly continued their activities, adopting new techniques to deploy ransomware directly. The DOJ's seizure of over $24 million in cryptocurrency sends a clear message to the cybercrime community that such activities will not go unpunished.

Matthew Galeotti, head of the DOJ’s criminal division, emphasized the department's commitment to holding cybercriminals accountable. He stated that the DOJ will use every legal tool available to identify, charge, and forfeit the ill-gotten gains of cybercriminals, thereby disrupting their criminal activities. US Attorney Bill Essayli for the Central District of California echoed this sentiment, highlighting the DOJ's dedication to compensating victims by seizing assets from criminals.

The FBI's Los Angeles Field Office, under the leadership of Assistant Director in Charge Akil Davis, played a crucial role in the disruption of the Qakbot botnet. Despite the initial success, Gallyamov allegedly continued to deploy alternative methods to offer his malware to potential partners, underscoring the persistent threat posed by cybercriminals.

The DOJ's seizure of over $24 million in cryptocurrency is a significant step in the ongoing battle against cybercrime. It demonstrates the department's resolve to protect victims and hold cybercriminals accountable for their actions. The forfeiture of these assets not only serves as a deterrent to potential cybercriminals but also provides a means to compensate victims who have suffered financial losses due to ransomware attacks.