Federal Indictment of Rustam Rafailevich Gallyamov
In a significant law enforcement action, U.S. authorities have unveiled a federal indictment against Rustam Rafailevich Gallyamov, a 48-year-old resident of Moscow, who allegedly masterminded a sophisticated cybercrime operation utilizing the notorious Qakbot malware. This indictment marks a critical escalation in anti-cybercrime efforts involving multiple nations, including the U.S., France, Germany, the Netherlands, Denmark, the UK, and Canada.
Civil Forfeiture and Recovery of Assets
The indictment was announced alongside a civil forfeiture complaint aimed at reclaiming more than $24 million worth of cryptocurrency that has been seized as part of the investigation into Gallyamov’s activities. This move underscores the Justice Department’s firm commitment to dismantling cybercriminal enterprises and recovering funds for victims affected by their crimes.
Matthew R. Galeotti, who heads the Justice Department’s Criminal Division, stated that today’s action is a clear warning to the cybercrime community about the seriousness with which U.S. authorities view these offenses. Galeotti emphasized that the department will use every legal avenue to bring cybercriminals to justice and recover their illicit profits.
Collaborative Efforts and Broader Initiatives
U.S. Attorney Bill Essayli highlighted the collaboration between law enforcement agencies at both domestic and international levels, suggesting that today’s actions are part of a broader initiative to trace, disrupt, and hold accountable individuals involved in cybercrimes. This complaint not only targets Gallyamov but also represents ongoing efforts to compensate victims through the recovery of misappropriated assets.
Criminal Activities and Operations
Gallyamov’s nefarious operations reportedly date back to 2008, when he began managing the Qakbot malware, which has been responsible for infecting thousands of computers worldwide. By 2019, he had devised a network of compromised systems, referred to as a “botnet,” that he exploited to facilitate ransomware attacks in collaboration with various criminal associates. His network aided infamous ransomware programs such as Prolock, DoppelPaymer, and Conti, and for his assistance, Gallyamov allegedly received a share of the ransoms paid by victims.
Despite significant disruption to his botnet by the FBI and global law enforcement in 2023, Gallyamov purportedly continued to innovate, employing new tactics such as spam bomb campaigns to gain unauthorized access to victim networks. His latest known attacks extended into 2025, demonstrating his ongoing commitment to cybercrime even after substantial setbacks.
Seizures and Ongoing Investigations
Beyond the previously mentioned cryptocurrency seizure, further financial assets, including over 30 bitcoin and significant amounts of USDT, were confiscated as part of an ongoing investigation. The Central District of California is currently pursuing civil actions to finalize the forfeiture process, with a particular focus on returning these funds to the victims of Gallyamov’s cyber activities.
Global Collaboration Against Cybercrime
This case has been a collaborative effort led by the FBI’s Los Angeles Field Office, with invaluable support from various international partners, including German, Dutch, and French law enforcement agencies. It exemplifies a coordinated approach to dismantle global cybercriminal networks and highlights the persistent threat posed by such organizations to individuals and businesses worldwide. Victims seeking guidance and support can find resources available on the Justice Department’s dedicated cybercrime webpage, which will continue to be updated with new information as it arises.