- Category
- Latest news
FBI Charges Russian Man Over Malware That Fueled Ransomware Attacks Worldwide
- Authors
![Maryna_kulakova]( "Photo of Maryna Kulakova")
![Tetiana_frolova]( "Photo of Tetiana Frolova")
-924c3c302c27387e19f6c44aaeb98745.png "Photo of Maryna Kulakova")
A newly unsealed US federal indictment accuses Russian national Rustam Rafailevich Gallyamov of leading a global cybercrime operation responsible for hundreds of millions of dollars in damages, CNN reported on May 22.
The 48-year-old Moscow-based suspect allegedly developed and distributed Qakbot malware, which has been used in ransomware attacks against health care providers, government agencies, and businesses around the world since 2008.
According to the Justice Department, cited by CNN, Gallyamov and his associates targeted victims across the US, from a dental office in Los Angeles to a music company in Tennessee. In some cases, he allegedly earned a share of the ransom payments—receiving over $300,000 from a single attack on the Tennessee firm. Prosecutors said more than $24 million in stolen cryptocurrency linked to Gallyamov has been recovered.
Despite law enforcement dismantling the Qakbot network in 2023, Gallyamov reportedly sought new ways to distribute the malware, including tactics like flooding companies’ inboxes with spam and then impersonating IT support to spread infections. The FBI said this evolution demonstrates Gallyamov’s efforts to maintain Qakbot’s utility for ransomware gangs, CNN reported.
One of his main clients was allegedly the Conti ransomware group, which reportedly generated $25 million in four months using Qakbot tools. The indictment links Conti to attacks on companies in Wisconsin and Nebraska in late 2021. The group dissolved shortly after Russia’s full-scale invasion of Ukraine in 2022, when a Ukrainian hacker leaked its internal data in retaliation for its pro-Kremlin stance.
Gallyamov's case is the latest in a sustained US campaign to disrupt Russia-based cybercriminals targeting American infrastructure. Just a day earlier, the Justice Department announced the takedown of another major Russian-linked hacking tool.
Although the US has offered a $10 million reward for information leading to the individuals behind Qakbot, it remains unclear whether tips contributed to Gallyamov's indictment. Russia does not have an extradition treaty with the US, and American officials say the Kremlin rarely pursues cybercriminals who avoid attacking Russian targets.
Previously, an international investigation has revealed that Romania was a major target in a cyber-espionage campaign orchestrated by Russia’s military intelligence agency, the GRU, aimed at monitoring the movement of Western aid into Ukraine.
-21d0b63c17f6020e4df75f6c6f9a2f4f.jpg "Photo of Ivan Khomenko")
