Gallyamov is alleged to have developed and deployed Qakbot beginning in 2008, building a massive botnet of infected devices. From 2019 onward, he reportedly gave ransomware operators access to the compromised systems, which they used to deploy strains including REvil, Conti, Egregor, and Black Basta. In return, Gallyamov allegedly received a cut of the ransom payments.
On April 25, 2025, the FBI seized additional funds tied to the conspiracy: over 30 bitcoin and $700,000 in USDT, bringing the total value of seized crypto linked to Gallyamov to over $24 million. A civil forfeiture complaint was filed Thursday to return those assets to victims.
Despite the 2023 multinational takedown of Qakbot infrastructure, Gallyamov and his co-conspirators reportedly continued operations using new tactics, such as “spam bomb” phishing attacks, targeting U.S. firms as recently as January 2025.
“This case demonstrates our global resolve to disrupt ransomware networks and hold leaders accountable—no matter where they hide,” said DOJ officials.
The case is part of Operation Endgame, an international effort involving law enforcement from Germany, France, the Netherlands, the U.K., Canada, and Europol.
If convicted, Gallyamov faces significant penalties for orchestrating one of the most persistent malware-based ransomware networks in recent history.
The post Leader of Qakbot Malware Scheme Indicted as U.S. Seizes $24M in Crypto appeared first on Coindoo.