A multinational operation has successfully seized over $24 million in cryptocurrency from Rustam Rafailevich Gallyamov, a 48-year-old Russian cyber criminal known for his involvement with the Qakbot malware.

Gallyamov began developing Qakbot, also referred to as Qbot and Pinkslipbot, in 2008, creating a vast network of infected computers that has been used for various cybercriminal activities.

The indictment against Gallyamov underscores the Department of Justice's ongoing efforts to combat cybercrime and hold individuals accountable for exploiting technology for malicious purposes.

His operation has been linked to several notorious ransomware groups, including Prolock, DoppelPaymer, and REvil, with Gallyamov reportedly profiting significantly from these attacks.

Notably, he received over $300,000 from a single ransomware attack on a Tennessee music company, illustrating the financial impact of his cyber activities.

Despite the FBI dismantling the Qakbot botnet in 2023, Gallyamov continued to operate, employing 'spam bombing' tactics to compromise victim systems as recently as January 2025.

Following the takedown of the botnet, Gallyamov and his crew adapted their strategies, shifting to spam attacks to trick organizations into installing malware.

The investigation was part of Operation Endgame, a global initiative involving law enforcement agencies from multiple countries, aimed at dismantling cybercriminal networks.

Gallyamov is currently charged with conspiracy to commit computer fraud and wire fraud but remains at large in Russia, complicating efforts for his arrest.

Federal prosecutors are actively seeking to seize approximately $24 million in digital assets linked to Gallyamov, who faces up to 25 years in prison if apprehended.

The FBI has reported that Qakbot-related crimes have caused hundreds of millions of dollars in damages, with an estimated 200,000 infected computers located in the U.S.

Matthew R. Galeotti from the Justice Department has emphasized the commitment to holding cybercriminals accountable and disrupting their activities through all available legal means.