The U.S. Department of Justice (DOJ) recently seized over $24 million in cryptocurrency from Rustam Rafailevich Gallyamov, a Russian national accused of developing the notorious Qakbot malware. The announcement came on May 22, revealing criminal charges against the 48-year-old Moscow resident.

Qakbot, a powerful malware program developed and operated by Gallyamov since at least 2008, infected thousands of computers worldwide. Once infected, these computers formed a vast botnet, giving criminals remote control and enabling them to launch widespread ransomware attacks.

The DOJ's aggressive move against Gallyamov underscores the government’s ongoing commitment to combating cybercrime. Matthew Galeotti, head of the DOJ’s criminal division, emphasized the determination to pursue cybercriminals relentlessly. Galeotti warned that the DOJ would utilize every available legal tool to identify perpetrators, seize illegal assets, and disrupt criminal activities.

U.S. Attorney Bill Essayli highlighted that this seizure of cryptocurrency is part of a broader strategy aimed at disrupting cybercriminal networks and compensating their victims. FBI Assistant Director Akil Davis confirmed that although the Qakbot botnet was dismantled by the FBI in 2023, Gallyamov reportedly adapted by developing alternative methods to continue distributing malware.

Historically, Qakbot has been instrumental in facilitating global ransomware attacks, including Prolock, Dopplepaymer, REvil, Conti, and Black Basta. After the botnet disruption, authorities seized over 170 Bitcoin and more than $4 million worth of stablecoins from Gallyamov. Despite this setback, he and his associates allegedly adopted new techniques to keep their cybercrime network operational.

This major crackdown sends a clear message to cybercriminals worldwide: the DOJ remains vigilant and committed to dismantling illegal online operations, seizing illicit funds, and prosecuting those responsible.