A US federal indictment unsealed Thursday accuses Rustam Rafailevich Gallyamov, a 48-year-old Moscow resident, of leading a cybercrime group that caused widespread financial harm around the world. The network targeted victims across the US and various industries, from a dental office in Los Angeles to a music company in Tennessee.
Cryptocurrency Seizure and Ongoing Law Enforcement Efforts
The Justice Department is actively working to return over $24 million in cryptocurrency allegedly stolen by Gallyamov and confiscated by authorities. This case is part of a long-term effort by US law enforcement to disrupt ransomware operations run by Russia-based criminals targeting US critical infrastructure.
Due to the lack of an extradition treaty and Moscow’s reluctance to pursue hackers on Russian soil unless they attack domestic targets, US officials face hurdles in bringing such criminals to justice.
The Qakbot Malware and Its Role in Ransomware Attacks
Gallyamov allegedly developed Qakbot in 2008, a malware that has infected hundreds of thousands of computers globally and facilitated damaging ransomware attacks on health care and government agencies. Prosecutors say he received significant profits by renting access to Qakbot to ransomware gangs, including a $300,000 share from attacks on a Tennessee music company.
Following a 2023 takedown of the Qakbot network by the FBI and European authorities, Gallyamov and his associates reportedly adapted by “spam bombing” companies with fake IT support offers to exploit victims further.
Among Gallyamov’s clients was the Conti ransomware gang, responsible for tens of millions in extortion revenue before being disrupted by leaks connected to the Russia-Ukraine conflict. After Conti’s fall, Gallyamov is alleged to have shifted focus to other cybercriminal groups.
Author’s Opinion
The indictment of Gallyamov underscores the escalating sophistication of international cybercrime, revealing how deeply embedded these operations are in global networks. While legal tools and cooperative efforts continue to improve, the absence of extradition treaties and geopolitical barriers remain major obstacles. Ultimately, tackling such crimes demands stronger international collaboration and innovative technological defenses to outpace the evolving tactics of cybercriminals.
