Latest news with #Qakbot
New York Post
5 days ago
- New York Post
Russian hacker indicted for operating cybercrime ring that stole millions in targeted cyberattacks
A Russian national was indicted for leading a cybercriminal enterprise that infected computers and stole millions from victims around the globe for more than a decade, federal prosecutors revealed. Rustam Rafailevich Gallyamov, 48, of Moscow, was slapped with conspiracy and wire fraud charges on Thursday for allegedly leading a group of hackers who developed and unleashed malicious software, called Qakbot, in targeted ransomware attacks starting in 2008, according to the Department of Justice. Prosecutors are attempting to retrieve $24 million the alleged cybercriminal swiped from his victims. Advertisement Rustam Rafailevich Gallyamov, 48, of Moscow, was slapped with conspiracy and wire fraud charges by the DOJ. US District Court for the Central District of California 'Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,' Matthew R. Galeotti, head of the DOJ's Criminal Division, said in a statement. 'We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.' Advertisement Prosecutors said Gallyamov used Qakbot to infect thousands of computers to establish a botnet — a network of compromised systems he and his co-horsts controlled and used to carry out the cyberattacks. Gallyamov, who received a cut of the ransom payments, eventually reframed his attacks to trick victims into granting access to their computers shortly after the FBI and other European law enforcement agencies dismantled his massive trove of infected systems in 2023. Prosecutors said he last attacked the US in January. Prosecutors said he last attacked the US in January. Gorodenkoff – Advertisement 'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Akil Davis, the FBI's Assistant Director in Charge in Los Angeles. 'The charges announced today exemplify the FBI's commitment to relentlessly hold accountable individuals who target Americans and demand ransom, even when they live halfway across the world.' It was not immediately clear if Gallyamov was arrested or his whereabouts. Law enforcement agencies in the US, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada were involved in the coordinated takedown.
Economic Times
6 days ago
- Economic Times
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
Reuters FBI and international allies seize $24M in crypto from Russian hacker Rustam Gallyamov, accused of turning 700,000 computers into a global ransomware army under Qakbot malware operation For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly hijacked. The US Department of Justice has indicted Rustam Rafailevich Gallyamov, a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware. Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these attacks. Victims ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in Canada. This indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations worldwide. Matthew R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity." Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and Dopplepaymer. Despite a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January a result, the FBI under its 'Operation Endgame' seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed in a Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada. This operation has dismantled key infrastructures of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.
Time of India
6 days ago
- Time of India
$24M in crypto, 30 Bitcoins, and $700K seized as FBI takes down Russian hacker behind 700,000 computer ransomware army in Operation Endgame
Live Events What is Gallyamov accused of? Operation Endgame (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel For thousands of people around the world, the nightmare began the same way: a frozen screen, a blinking message, and a demand for money. Doctors, small business owners, factory workers, and even school staff found their computers suddenly US Department of Justice has indicted Rustam Rafailevich Gallyamov , a 48-year-old Russian national from Moscow, for leading a global cybercriminal enterprise responsible for the notorious Qakbot malware . Alongside the charges, the Justice Department announced it had seized over $24 million in cryptocurrency linked to Gallyamov's cybercrime empire. These funds are now targeted to be returned to the victims who suffered from these ranged from small dental offices in Los Angeles to technology firms in Nebraska, manufacturing companies in Wisconsin, and even real estate businesses in indictment was unsealed on Thursday, May 22, 2025, and marks a crucial moment in America's ongoing battle against ransomware attacks that have plagued organizations R. Galeotti, Head of the Justice Department's Criminal Division, emphasized the significance of this action: "Today's announcement of the Justice Department's latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community. We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity."Gallyamov is accused of developing and deploying Qakbot since 2008, a sophisticated malware that infected over 700,000 computers globally. The malware facilitated ransomware attacks by granting access to co-conspirators who deployed various ransomware strains, including Conti, REvil, Black Basta, and a multinational operation targeting him in August 2023 that disrupted the Qakbot botnet, Gallyamov allegedly continued his cybercriminal activities.'Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,' said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field and his associates shifted tactics, employing "spam bomb" attacks to deceive employees into granting network access, leading to further ransomware deployments as recently as January a result, the FBI under its 'Operation Endgame' seized more than 30 bitcoins and $700,000 in USDT tokens from Gallyamov under a seizure warrant executed on April 25, the Department of Justice confirmed in a Justice Department also filed a civil forfeiture complaint to seize over $24 million in cryptocurrency linked to Gallyamov's illicit activities. This was done not only to prosecute cybercriminals but also to recover assets to compensate indictment is part of Operation Endgame, a coordinated international effort involving law enforcement agencies from the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and operation has dismantled key infrastructures of several malware strains, including Qakbot, DanaBot, Trickbot, and others, by taking down approximately 300 servers and neutralizing 650 domains worldwide.
Business Mayor
6 days ago
- Business Mayor
Russian-led cybercrime network dismantled in global operation
European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators while indictments were unsealed in the US against 16 individuals. Those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and Aleksandr Stepanov, 39, AKA JimmBee and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said. Cyber-attacks aimed at destabilising governments or simple theft and blackmail are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month. The Europeans led by the German crime agency, Bundeskriminalamt (BKA) released public appeals in its attempts to track down 18 suspects believed to be involved in the Qakbot malware family along with a third malware known as Trickbot. BKA and its international counterparts said the majority of the suspects were Russian citizens. The Russian national Vitalii Nikolayevich Kovalev, 36, already wanted in the US, is one of BKA's most wanted. He is allegedly behind Conti, considered to be the most professional and best-organised ransomware blackmail group in the world with Kovalev described as one of the 'most successful blackmailers in the history of cybercrime' by German investigators. Using the pseudonyms Stern and Ben, BKA allege he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them. Read More Judge given formal advice over rude interruptions Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot. Investigators now also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit (founded in 2022). His own cryptowallet is said to be worth about €1bn. BKA said, along with international partners, of the 37 perpetrators they identified they had enough evidence to issue 20 arrest warrants. The US attorney's office in California at the same time unsealed the details of charges against 16 defendants who allegedly 'developed and deployed the DanaBot malware'. The criminal infiltrations into victims' computers were 'controlled and deployed' by a Russia-based cybercrime organisation that has infected more than 300,000 computers around the world particularly in the US, Australia, Poland, India and Italy. It was advertised on Russian-language criminal forums and also had an 'espionage variant used to target military, diplomatic, government and non-governmental organisations' the indictment states. 'For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian federation.' Also on the Europe most-wanted list as a result of the German operation is a 36-year-old Russian-speaking Ukrainian, Roman Mikhailovich Prokop, a suspected member of Qakbot, according to BKA. Operation Endgame was instigated by the German authorities in 2022. The BKA president, Holger Münch, said Germany was a particular focus of cybercriminals. BKA in particular is investigating the suspected perpetrators' involvement in gang-related activities and commercial extortion as well as membership of an overseas-based criminal organisation. Read More Society seeks conveyancers' views for climate risk practice note Between 2010 and 2022 the Conti group focused specifically on US hospitals, increasing its attacks during the Covid pandemic. US authorities had offered a $10m reward to anyone who would lead them to its figureheads. Most suspects are operating in Russia, some also in Dubai. Their extradition to Europe or the US was unlikely, Münch said, but their identification was significant and damaging to them. 'With Operation Endgame 2.0, we have once again demonstrated that our strategies work – even in the supposedly anonymous darknet.'
Yahoo
6 days ago
- Yahoo
Russian-led cybercrime network dismantled in global operation
European and North American cybercrime investigators say they have dismantled the heart of a malware operation directed by Russian criminals after a global operation involving British, Canadian, Danish, Dutch, French, German and US police. International arrest warrants have been issued for 20 suspects, most of them living in Russia, by European investigators while indictments were unsealed in the US against 16 individuals. Those charged include the alleged leaders of the Qakbot and Danabot malware operations, including Rustam Rafailevich Gallyamov, 48, who lives in Moscow and Aleksandr Stepanov, 39, AKA JimmBee and Artem Aleksandrovich Kalinkin, 34, AKA Onix, both of Novosibirsk, Russia, the US Department of Justice said. Cyber-attacks aimed at destabilising governments or simple theft and blackmail are becoming increasingly pernicious. The high-street retailer Marks & Spencer is one of the most high-profile and recent victims in the UK this month. The Europeans led by the German crime agency, Bundeskriminalamt (BKA) released public appeals in its attempts to track down 18 suspects believed to be involved in the Qakbot malware family along with a third malware known as Trickbot. BKA and its international counterparts said the majority of the suspects were Russian citizens. The Russian national Vitalii Nikolayevich Kovalev, 36, already wanted in the US, is one of BKA's most wanted. He is allegedly behind Conti, considered to be the most professional and best-organised ransomware blackmail group in the world with Kovalev described as one of the 'most successful blackmailers in the history of cybercrime' by German investigators. Using the pseudonyms Stern and Ben, BKA allege he is claimed to have attacked hundreds of companies worldwide and extracted large ransom payments from them. Kovolev, 36, from Volgorod, is believed to be living in Moscow, where several firms are registered in his name. He was identified by US investigators in 2023 as having been a member of Trickbot. Investigators now also believe he was at the helm of Conti and other blackmail groups, such as Royal and Blacksuit (founded in 2022). His own cryptowallet is said to be worth about €1bn. BKA said, along with international partners, of the 37 perpetrators they identified they had enough evidence to issue 20 arrest warrants. The US attorney's office in California at the same time unsealed the details of charges against 16 defendants who allegedly 'developed and deployed the DanaBot malware'. The criminal infiltrations into victims' computers were 'controlled and deployed' by a Russia-based cybercrime organisation that has infected more than 300,000 computers around the world particularly in the US, Australia, Poland, India and Italy. It was advertised on Russian-language criminal forums and also had an 'espionage variant used to target military, diplomatic, government and non-governmental organisations' the indictment states. 'For this variant, separate servers were established, such that data stolen from these victims was ultimately stored in the Russian federation.' Also on the Europe most-wanted list as a result of the German operation is a 36-year-old Russian-speaking Ukrainian, Roman Mikhailovich Prokop, a suspected member of Qakbot, according to BKA. Operation Endgame was instigated by the German authorities in 2022. The BKA president, Holger Münch, said Germany was a particular focus of cybercriminals. BKA in particular is investigating the suspected perpetrators' involvement in gang-related activities and commercial extortion as well as membership of an overseas-based criminal organisation. Between 2010 and 2022 the Conti group focused specifically on US hospitals, increasing its attacks during the Covid pandemic. US authorities had offered a $10m reward to anyone who would lead them to its figureheads. Most suspects are operating in Russia, some also in Dubai. Their extradition to Europe or the US was unlikely, Münch said, but their identification was significant and damaging to them. 'With Operation Endgame 2.0, we have once again demonstrated that our strategies work – even in the supposedly anonymous darknet.'
