U.S. Government Indicts Qakbot Botnet Leader Connected to Ransomware Operations


The U.S. government has formally charged Russian national Rustam Rafailevich Gallyamov, the mastermind behind the Qakbot botnet operation, which has compromised over 700,000 computers and facilitated numerous ransomware attacks.

Court documents reveal that Gallyamov began developing Qakbot (also known as Qbot or Pinkslipbot) in 2008 and used it to build a vast network of infected computers. Over the years he led a team of developers who kept enhancing Qakbot, and the indictment states that this work also spurred the creation of additional malware.

For nearly a decade, Gallyamov operated Qakbot as a banking trojan with worm-like self-propagation that also served as a malware dropper, a backdoor, and a keylogger. Beginning in 2019, Qakbot became the initial infection vector for numerous ransomware attacks by notorious groups, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, Doppelpaymer, Black Basta, and Cactus. In return for providing initial access to victims, Gallyamov reportedly received a share of the ransom payments, with the terms negotiated separately with each ransomware group.

Significant Financial Impact

According to the indictment, Qakbot infections led to ransom demands against victims across many sectors, including private companies, healthcare providers, and government entities. Total damages run to hundreds of millions of dollars; in one 18-month period alone, financial losses exceeded $58 million.

In 2023, U.S. law enforcement dismantled the Qakbot botnet, successfully compromising parts of its operational infrastructure and gaining control of a computer managed by a Qakbot administrator. Despite these efforts, Gallyamov continued to conduct malicious operations, orchestrating spam campaigns targeting U.S. victims as recently as January 2025.

Recently, the Justice Department initiated a forfeiture complaint seeking the recovery of over $24 million in cryptocurrency seized from Gallyamov during the investigation. Additionally, last month, the FBI confiscated further illicit assets, including 30 bitcoins and $700,000 in USDT tokens, valued at over $4 million at current exchange rates.

These law enforcement efforts are part of Operation Endgame, an international initiative that has so far led to the seizure of more than 100 servers linked to various botnets and malware loaders, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.