Latest news with #Gallyamov
New York Post
24-05-2025
- New York Post
Russian hacker indicted for operating cybercrime ring that stole millions in targeted cyberattacks
A Russian national was indicted for leading a cybercriminal enterprise that infected computers and stole millions from victims around the globe for more than a decade, federal prosecutors revealed. Rustam Rafailevich Gallyamov, 48, of Moscow, was slapped with conspiracy and wire fraud charges on Thursday for allegedly leading a group of hackers who developed and unleashed malicious software, called Qakbot, in targeted ransomware attacks starting in 2008, according to the Department of Justice. Prosecutors are attempting to retrieve $24 million the alleged cybercriminal swiped from his victims. Advertisement Rustam Rafailevich Gallyamov, 48, of Moscow, was slapped with conspiracy and wire fraud charges by the DOJ. US District Court for the Central District of California 'Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,' Matthew R. Galeotti, head of the DOJ's Criminal Division, said in a statement. 'We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.' Advertisement Prosecutors said Gallyamov used Qakbot to infect thousands of computers to establish a botnet — a network of compromised systems he and his co-horsts controlled and used to carry out the cyberattacks. Gallyamov, who received a cut of the ransom payments, eventually reframed his attacks to trick victims into granting access to their computers shortly after the FBI and other European law enforcement agencies dismantled his massive trove of infected systems in 2023. Prosecutors said he last attacked the US in January. Prosecutors said he last attacked the US in January. Gorodenkoff – Advertisement 'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Akil Davis, the FBI's Assistant Director in Charge in Los Angeles. 'The charges announced today exemplify the FBI's commitment to relentlessly hold accountable individuals who target Americans and demand ransom, even when they live halfway across the world.' It was not immediately clear if Gallyamov was arrested or his whereabouts. Law enforcement agencies in the US, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada were involved in the coordinated takedown.
Economic Times
24-05-2025
- Economic Times
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
Reuters FBI and international allies seize $24M in crypto from Russian hacker Rustam Gallyamov, accused of turning 700,000 computers into a global ransomware army under Qakbot malware operation For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly hijacked. The US Department of Justice has indicted Rustam Rafailevich Gallyamov, a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware. Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these attacks. Victims ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in Canada. This indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations worldwide. Matthew R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity." Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and Dopplepaymer. Despite a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January a result, the FBI under its 'Operation Endgame' seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed in a Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. This operation has dismantled key infrastructures of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.
Time of India
24-05-2025
- Time of India
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
Live Events What is Gallyamov accused of? Operation Endgame (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly US Department of Justice has indicted Rustam Rafailevich Gallyamov , a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware . Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity."Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January a result, the FBI under its 'Operation Endgame' seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed in a Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and operation has dismantled key infrastructures of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.
Epoch Times
23-05-2025
- Epoch Times
US Indicts Russian National Over Alleged Role in Qakbot Ransomware Attacks
The Department of Justice (DOJ) on May 22 unsealed charges against a Russian citizen accused of leading a cybercriminal group responsible for the Qakbot malware, which has targeted hundreds of thousands of computers across the United States and globally. Rustam Rafailevich Gallyamov, 48, of Moscow, allegedly created Qakbot in 2008 and began using it in 2019 to infect computers with ransomware, targeting companies in various sectors, including a dental clinic in Los Angeles, a music company in Tennessee and an insurance company in Maryland, according to the After infiltrating victims' computers, Gallyamov and his co-conspirators allegedly demanded ransom payments from victims seeking to regain access to their computers and prevent the release of stolen private data. Prosecutors stated that Gallyamov also partnered with ransomware groups by giving them access to compromised computers in exchange for a share of the ransom payments collected from victims. The DOJ said that it has filed a complaint seeking the forfeiture of more than $24 million in cryptocurrency seized from Gallyamov throughout the investigation, as it aims to return those funds to victims. 'The criminal charges and forfeiture case announced today are part of an ongoing effort with our domestic and international law enforcement partners to identify, disrupt, and hold accountable cybercriminals,' U.S. Attorney Bill Essayli for the Central District of California said in a Related Stories 2/13/2025 5/8/2024 'The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department's commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.' In 2023, a U.S.-led multinational operation—joined by France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia—disrupted the Qakbot botnet and malware, seizing about $8.6 million in cryptocurrency, according to a previous At the time, authorities discovered that Qakbot had infected more than 700,000 computers worldwide, including 200,000 in the United States. According to the indictment, Gallyamov and his co-conspirators allegedly resorted to another hacking mechanism named the 'spam bomb' attack to trick employees of targeted companies into granting access to their computer systems. Earlier this year, the defendant allegedly carried out spam bomb attacks against companies in the United States by flooding their inboxes with email subscriptions, the DOJ stated. 'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' Akil Davis, assistant director in charge at the FBI's Los Angeles Field Office, said in a statement. Gallyamov could be sentenced to up to 25 years in prison if found guilty of the charges. The Epoch Times could not reach Gallyamov or his legal representative by publication time.
Yahoo
23-05-2025
- Yahoo
US indicts Russian accused of running major global cybercrime ring
A US federal indictment unsealed Thursday accused a Russian man of leading a global cybercrime ring that caused hundreds of millions of dollars in damage to victims around the world. The crime group victimized people throughout the US and in various sectors of the economy, according to the indictment, from a dental office in Los Angeles to a music company in Tennessee. In announcing the charges, the Justice Department said it was working to return to victims more than $24 million in cryptocurrency allegedly stolen by the Russian man and seized by the department. It's the latest installment in a yearslong US law enforcement effort to make it more difficult for Russia-based criminals to extort and disrupt US critical infrastructure providers with ransomware attacks. On Wednesday, the Justice Department said it had seized the computer systems behind another prolific hacking tool whose mastermind is also allegedly based in Russia. Russia and the US don't have an extradition treaty, and the Kremlin has been reluctant to pursue hackers on Russian soil as long as they don't attack Russian organizations, according to US officials. The man indicted Thursday, Rustam Rafailevich Gallyamov, a 48-year-old based in Moscow, allegedly developed a piece of malicious software in 2008 that has been used to infect hundreds of thousands of computers in the US and globally. The malware, called Qakbot, was used in damaging ransomware attacks on health care agencies and government agencies worldwide, prosecutors have said. Gallyamov often received a cut of the proceeds from ransomware attacks that other hackers carried out using Qakbot, according to the Justice Department. For the ransomware attack on the Tennessee music company, he received the equivalent of more than $300,000, the indictment says. CNN has requested comment from the Russian Embassy in Washington, DC, on the charges. The indictment provides a window into the resilient career path of an alleged cybercriminal. In 2023, the FBI and European law enforcement agencies dismantled a massive network of computers infected with Qakbot and seized millions of dollars belonging to the hackers. Gallyamov responded to that bust by looking for other ways to make his malicious software available to cybercriminals conducting ransomware attacks, Akil Davis, assistant director in charge of the FBI's Los Angeles Field Office, said in a statement on Thursday. Gallyamov and associates allegedly started 'spam bombing' companies, or flooding their inboxes with subscription to newsletters, and then posing as IT support to offer to fix the problem, the indictment says. The State Department in 2023 offered $10 million for information on people behind Qakbot. It's unclear if any confidential tips to the State Department led to Gallyamov's indictment. In some cases, federal prosecutors unseal an indictment when they aren't sure if a defendant will travel out of a country that doesn't have an extradition treaty with the US. One of Gallyamov's primary customers was allegedly a ransomware gang known as Conti, which made at least $25 million from a flurry of attacks in a fourth-month span in 2021, according to crypto-tracking firm Elliptic. The ransomware gang used Gallyamov's hacking tool in attacks on a Wisconsin manufacturing firm and Nebraska tech company in the fall of 2021, according to the indictment. The last mention of the Conti ransomware gang in the indictment is in late January 2022. A month later, Russia launched its full-scale invasion of Ukraine, and a Ukrainian leaked a trove of data on Conti in revenge for its support for the Russian government, forcing the criminal network to reconstitute. But Gallyamov allegedly moved on to other customers.
