Key Highlights:
- The U.S. Department of Justice has indicted Rustam Gallyamov for leading the criminal network behind the Qakbot malware, seizing over $24 million in cryptocurrency linked to global ransomware attacks.
- The global crackdown on cybercrime intensifies with Operation Endgame, targeting hackers connected to Qakbot, LockBit, and Tornado Cash.
U.S. Indicts Russian National for Leading Major Cybercrime Group
The U.S. Department of Justice has indicted Russian national Rustam Gallyamov for leading a major international cybercrime network behind the Qakbot malware. Authorities seized over $24 million in cryptocurrency tied to the criminal operation, with plans to return the funds to the victims.
The indictment, filed on May 22, 2025, marks a significant step in the U.S. government’s efforts to combat ransomware attacks. It is part of a broader international initiative—similar to Operation Endgame—aimed at cybercriminals who use malware like Qakbot to infect systems worldwide, extort victims, and steal sensitive data and funds.
Victims ranged from small dental clinics in Los Angeles, to tech firms in Nebraska, manufacturers in Wisconsin, and real estate agencies in Canada.
U.S. and Allies Unite Against Cybercrime
The charges announced today demonstrate the FBI’s commitment to holding accountable those who extort Americans—even from across the globe.
said Akil Davis, Assistant Director of the FBI’s Los Angeles Field Office.
The operation is part of a global crackdown on cybercrime, with the U.S., France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada working in coordination, according to official statements.
Qakbot Malware Has Infected Over 700,000 Computers
Gallyamov is accused of operating the Qakbot malware since 2008, infecting more than 700,000 computers globally. The botnet enabled ransomware campaigns by groups like Conti, Black Basta, and REvil, from which Gallyamov received a portion of the ransom payments.
In August 2023, a U.S.-led international operation dismantled the Qakbot botnet, seizing over 170 Bitcoins and more than $4 million in USDT and USDC from Gallyamov-controlled wallets.
Despite that, he continued his criminal activity by switching to new tactics, such as “spam bomb” attacks—flooding victims with phishing emails to trick employees into granting access. These attacks persisted as recently as January 2025.
Operation Endgame Continues with New Seizures
As part of Operation Endgame, the FBI seized an additional 30 Bitcoins and $700,000 in USDT from Gallyamov. The Department of Justice has also filed a civil forfeiture case to permanently claim the seized crypto assets (worth over $24 million total) with the intent to return the funds to victims.
If convicted, Gallyamov faces a maximum sentence of 25 years in federal prison.
Tornado Cash and LockBit Also Under Fire
This is just one of several recent operations launched by the U.S. against organized cybercrime. In December 2024, charges were brought against Rostislav Panev—a Russian-Israeli linked to LockBit ransomware—for developing malware used to breach networks and extort victims. Authorities linked over $230,000 in crypto to him.
In May 2025, another 12 individuals—mostly young people—were indicted for running a $263 million crypto fraud scheme used to purchase luxury jets and cars.
Federal prosecutors are also investigating Roman Storm, the founder of Tornado Cash, who stands accused of laundering billions of dollars in illicit crypto.
Conclusion:
The latest actions by the U.S. Department of Justice and FBI reflect a zero-tolerance approach to international cybercrime.
The seizure of over $24 million in cryptocurrency from Russian hacker Rustam Gallyamov and the dismantling of the Qakbot network sends a clear message: even well-hidden criminals cannot remain in the shadows forever.
Global cooperation between countries like the U.S., Germany, France, and Canada reinforces a united commitment to combating digital threats.
Further operations are expected—especially against long-operating networks like Tornado Cash and LockBit.
Frequently Asked Questions
Find answers to the most common questions below.
Rustam Gallyamov is a Russian national indicted by the U.S. DOJ for leading the Qakbot cybercrime ring, responsible for infecting over 700,000 computers globally.
Operation Endgame is a coordinated international law enforcement campaign aimed at dismantling major cybercrime groups, including those behind Qakbot, LockBit, and Tornado Cash.
The U.S. Department of Justice has filed a civil forfeiture case and plans to return the seized funds to the victims of the ransomware attacks.
This article is for general informational purposes only and is not intended to be, and should not be construed as, legal or investment advice. Crypto-assets are highly volatile, so only invest funds that you are willing to lose and use your own research and risk management.
