US charges Russian man allegedly behind global cybercrime network

Justice Department announced the charges, saying it has seized over $24M in cryptocurrency allegedly stolen by the suspect and is working to return the funds to victims

ISTANBUL 

A US federal indictment has charged a Russian national with leading a global cybercrime operation that inflicted hundreds of millions of dollars in damages on victims worldwide.

According to the indictment unsealed on Thursday, the cybercriminal group targeted individuals and businesses across the US in multiple industries -- from a dental clinic in Los Angeles, California to a music company in the state of Tennessee.

The Justice Department, in announcing the charges, said it has seized over $24 million in cryptocurrency allegedly stolen by the suspect and is working to return the funds to the victims.

This case is the latest in a long-running US campaign to crack down on Russia-based hackers responsible for ransomware attacks that threaten American critical infrastructure. Just a day earlier, authorities announced the takedown of another major hacking tool reportedly run by a Russia-based individual.

Since the US and Russia do not have an extradition agreement, and Russian authorities are often unwilling to prosecute cybercriminals unless they target domestic entities, bringing suspects to justice remains challenging.

The indicted man, Rustam Rafailevich Gallyamov, a 48-year-old living in Moscow, is accused of creating in 2008 the malicious software known as Qakbot, which infected hundreds of thousands of computers globally. Prosecutors say the malware was used in ransomware attacks on healthcare providers and government institutions around the world.

According to the US Justice Department, Gallyamov profited from ransomware attacks carried out by other hackers using his malware Qakbot.

In one instance, he allegedly earned over $300,000 from a ransomware attack on a music company in Tennessee.

Despite the FBI and European law enforcement dismantling the Qakbot botnet in 2023 and seizing millions from the hackers, Gallyamov allegedly continued facilitating cyberattacks.

He is accused of adjusting his methods, including launching “spam bombing” campaigns -- overloading inboxes with newsletter subscriptions and then posing as IT support to gain access.

In 2023, the US State Department offered a $10 million reward for information leading to those behind Qakbot. It is unknown if any tips led directly to Gallyamov’s indictment. Often, such indictments are unsealed when suspects are unlikely to leave countries that lack extradition treaties with the US, like Russia.

Russia has yet to respond to the US indictment.