Monday, June 30, 2025

US indicts leader of Qakbot botnet linked to ransomware attacks


The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks.

According to court documents, Gallyamov began developing Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers.

Over time, a team of developers formed around Qakbot, but the indictment notes that other malware was also created under Gallyamov's leadership.

For about a decade, Gallyamov used Qakbot as a banking trojan with worm capabilities, a malware dropper, or a backdoor that could also record keystrokes.

Starting in 2019, Qakbot became the initial infection vector in many ransomware attacks from infamous gangs such as Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, Doppelpaymer, Black Basta, and Cactus.

For providing initial access, Gallyamov allegedly received a portion of the ransom paid by the victims. The payment varied based on an arrangement with each ransomware group.

Over $24 million seized in digital assets

According to the indictment, Qakbot infections led to hundreds of ransomware victims across the globe. The list includes private companies, healthcare providers, and government agencies.

The compromises caused hundreds of millions of dollars in damage. In just 18 months, financial damages exceeded $58 million.

In 2023, the FBI dismantled the Qakbot botnet after hacking parts of its infrastructure and taking control of one computer used by a Qakbot administrator.

Despite this, Gallyamov continued malicious operations and “orchestrated spam bomb attacks against victims in the United States as recently as January 2025.”

Earlier today, the Justice Department filed a forfeiture complaint against more than $24 million in cryptocurrency seized from Gallyamov during the investigation.

Last month, the FBI seized additional illicit assets: 30 bitcoins and $700,000 in USDT tokens, worth more than $4 million at today’s exchange rate.

Law enforcement actions were taken in conjunction with Operation Endgame, an international effort that led to the seizure of more than 100 servers used by multiple botnets and malware loaders (e.g., IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC).

