
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
Reuters FBI and international allies seize $24M in crypto from Russian hacker Rustam Gallyamov, accused of turning 700,000 computers into a global ransomware army under Qakbot malware operation
For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly hijacked.
The US Department of Justice has indicted Rustam Rafailevich Gallyamov, a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware. Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these attacks.
Victims ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in Canada.
This indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations worldwide. Matthew R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity."
Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and DoppelPaymer. Despite a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.
'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office.
He and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January 2025.
As a result, the FBI under its 'Operation Endgame' seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed in a statement.
The Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate victims.
The indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. This operation has dismantled key infrastructures of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.