US indicts Russian accused of ransomware attacks

FILE PHOTO: Illustration shows laptop with binary code on the screen in front of Russian flag
FILE PHOTO: A hand is seen on a laptop with binary code displayed on the screen in front of a Russian flag in this picture illustration created on August 19, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
Source: REUTERS

By AJ Vicens

The U.S. Department of Justice on Thursday unsealed charges against a Russian national accused of leading the development and deployment of malicious software that infected thousands of computers over more than a decade.

Rustam Rafailevich Gallyamov, 48, of Moscow, led a group of cybercriminals who developed and deployed Qakbot, a name for software that could be used to infect computers with additional malware, such as ransomware, as well as to conscript the computer into a botnet - or group of compromised computers and devices controlled remotely - to be used for additional malicious purposes, according to a DOJ statement.

Prosecutors also made public a complaint seeking the forfeiture of more than $24 million in cryptocurrency and traditional funds seized over the course of the investigation, the DOJ said.

The charges of conspiracy and conspiracy to commit wire fraud come a year and a half after an international law enforcement operation disrupted Qakbot infrastructure. Gallyamov continued cybercriminal activities after the disruption, prosecutors said, as recently as January 2025.

Gallyamov did not immediately respond to a request for comment. The DOJ statement did not indicate his whereabouts.

Also on Thursday, federal prosecutors in Los Angeles unsealed charges against 16 people accused of developing and deploying the DanaBot malware, which was used to infect more than 300,000 computers worldwide and cause at least $50 million in damage, according to a DOJ statement.

The DanaBot charges are part of Operation Endgame, an international law enforcement and private-sector campaign targeting cybercriminal operators and infrastructure around the world.

DanaBot emerged in 2018 as malware to steal banking credentials and other information, but evolved to enable wider information stealing and establish access for follow-on activity, according to researchers with Lumen’s Black Lotus Labs, who participated in Operation Endgame.

DanaBot remained “highly operational through 2025,” the researchers wrote in a blog post, with roughly 1,000 daily victims across more than 40 countries.

This article was produced by Reuters news agency. It has not been edited by Global South World.

Share

You may be interested in

/
/
/
/
/
/
/

Categories

Most popular tags