Russian National and Leader of Qakbot Malware Conspiracy Indicted

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.  Central District of California | Russian National and Leader of Qakbot Malware Conspiracy Indicted in Long-Running Global Ransomware Scheme | United States Department of Justice

Russian national Rafailevich Gallyamov, 48, was charged with leading a group of cyber criminals that developed & deployed the #Qakbot malware that infected thousands of computers worldwide, installing ransomware & demanding payment from victims. If convicted, Gallyamov would face a statutory maximum sentence of 25 years in federal prison.  

“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “We will not stop holding cybercriminals accountable, even over a course of years, and we will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.”

According to the indictment, Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008. From 2019 onward, Gallyamov allegedly used the Qakbot botnet to infect thousands of victim computers around the world to establish a network or “botnet” of infected computers. Once Gallyamov gained access to victim computers, he provided access to co-conspirators who infected the computers with ransomware, including 

• Prolock
• Dopplepaymer
• Egregor
• REvil
• Conti
• Name Locker
• Black Basta
• Cactus. 

Gallyamov was paid a portion of the ransoms received from ransomware victims.  The indictment alleges that Gallyamov orchestrated spam bomb attacks against victims in the United States as recently as January 2025.

The announcement of charges today is the latest step taken by the Justice Department against the Qakbot conspiracy. In August 2023, a U.S.-led multinational operation disrupted the Qakbot botnet and malware. At that time, the Justice Department announced the seizure of illicit proceeds from Gallyamov, including more than 170 bitcoin and more than $4 million of USDT and USDC tokens.

 The investigation of Gallyamov was led by the FBI’s Los Angeles Field Office, which worked closely with investigators from 

• Germany’s Bundeskriminalamt (BKA)
• Netherlands National Police
• French Police Cybercrime Central Bureau
• Europol. 
• The Justice Department’s Office of International Affairs and the FBI Milwaukee Field Office provided significant assistance.

These law enforcement actions were taken in conjunction with Operation Endgame, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.

Resources for victims can be found on the following website, which will be updated as additional information becomes available: Qakbot Resources.

Civil Forfeiture Lawsuit Seeking More Than $24 Million in Cryptocurrency Filed

“Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “We will not stop holding cybercriminals accountable, even over a course of years, and we will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.”

LOS ANGELES – A federal grand jury indictment and criminal complaint unsealed today charge 16 defendants who allegedly developed and deployed the DanaBot malware which a Russia-based cybercrime organization controlled and deployed, infecting more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damage.

More News from Los Angeles

• Menendez Brothers & Parole Process for Elderly Incarcerated The costly process for the Menendez brothers to be released may be a stop-gap for the future parole process allow 28% of those who are 60+ years, having served at least 25 years!
• Covid Tax-Benefit-Scheme Fraudster Sentenced May 17, 2021, the COVID-19 Fraud Enforcement Task Force was established to marshal the resources of the DOJ to enhance efforts to combat and prevent pandemic-related fraud.