World

US indicts Russian accused of ransomware attacks

By AJ Vicens
FILE PHOTO: A hand is seen on a laptop with binary code displayed on the screen in front of a Russian flag in this picture illustration created on August 19, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

(Reuters) -The U.S. Department of Justice on Thursday unsealed charges against a Russian national accused of leading the development and deployment of malicious software that infected thousands of computers over more than a decade.

Rustam Rafailevich Gallyamov, 48, of Moscow, led a group of cybercriminals who developed and deployed Qakbot, a name for software that could be used to infect computers with additional malware, such as ransomware, as well as to conscript the computer into a botnet - or group of compromised computers and devices controlled remotely - to be used for additional malicious purposes, according to a DOJ statement.

Prosecutors also made public a complaint seeking the forfeiture of more than $24 million in cryptocurrency and traditional funds seized over the course of the investigation, the DOJ said.

The charges of conspiracy and conspiracy to commit wire fraud come a year and a half after an international law enforcement operation disrupted Qakbot infrastructure. Gallyamov continued cybercriminal activities after the disruption, prosecutors said, as recently as January 2025.

Gallyamov did not immediately respond to a request for comment. The DOJ statement did not indicate his whereabouts.

Also on Thursday, federal prosecutors in Los Angeles unsealed charges against 16 people accused of developing and deploying the DanaBot malware, which was used to infect more than 300,000 computers worldwide and cause at least $50 million in damage, according to a DOJ statement.

The DanaBot charges are part of Operation Endgame, an international law enforcement and private-sector campaign targeting cybercriminal operators and infrastructure around the world.

DanaBot emerged in 2018 as malware to steal banking credentials and other information, but evolved to enable wider information stealing and establish access for follow-on activity, according to researchers with Lumen’s Black Lotus Labs, who participated in Operation Endgame.

DanaBot remained “highly operational through 2025,” the researchers wrote in a blog post, with roughly 1,000 daily victims across more than 40 countries.

(Reporting by AJ Vicens in Detroit; Additional reporting by Anton Zverev in London; Editing by Matthew Lewis)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In World
Trump fires Homeland Security Secretary Kristi Noem amid criticism over immigration enforcement
Three Australians were aboard US submarine that sank Iranian ship, PM Albanese says
US not expanding military objectives in Iran, Hegseth says
Trump: want to finish Iran then Cuba 'question of time'
Chinese investments crucial to Hungary's economy: Hungarian FM
U.S. stocks close lower
Roundup: Rising energy prices weigh on Dutch households, economy
Crude futures settle higher
U.S. dollar ticks up
Iceland to propose holding EU referendum during autumn, broadcaster RUV reports

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.