World

US indicts Russian accused of ransomware attacks

By AJ Vicens
FILE PHOTO: A hand is seen on a laptop with binary code displayed on the screen in front of a Russian flag in this picture illustration created on August 19, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

(Reuters) -The U.S. Department of Justice on Thursday unsealed charges against a Russian national accused of leading the development and deployment of malicious software that infected thousands of computers over more than a decade.

Rustam Rafailevich Gallyamov, 48, of Moscow, led a group of cybercriminals who developed and deployed Qakbot, a name for software that could be used to infect computers with additional malware, such as ransomware, as well as to conscript the computer into a botnet - or group of compromised computers and devices controlled remotely - to be used for additional malicious purposes, according to a DOJ statement.

Prosecutors also made public a complaint seeking the forfeiture of more than $24 million in cryptocurrency and traditional funds seized over the course of the investigation, the DOJ said.

The charges of conspiracy and conspiracy to commit wire fraud come a year and a half after an international law enforcement operation disrupted Qakbot infrastructure. Gallyamov continued cybercriminal activities after the disruption, prosecutors said, as recently as January 2025.

Gallyamov did not immediately respond to a request for comment. The DOJ statement did not indicate his whereabouts.

Also on Thursday, federal prosecutors in Los Angeles unsealed charges against 16 people accused of developing and deploying the DanaBot malware, which was used to infect more than 300,000 computers worldwide and cause at least $50 million in damage, according to a DOJ statement.

The DanaBot charges are part of Operation Endgame, an international law enforcement and private-sector campaign targeting cybercriminal operators and infrastructure around the world.

DanaBot emerged in 2018 as malware to steal banking credentials and other information, but evolved to enable wider information stealing and establish access for follow-on activity, according to researchers with Lumen’s Black Lotus Labs, who participated in Operation Endgame.

DanaBot remained “highly operational through 2025,” the researchers wrote in a blog post, with roughly 1,000 daily victims across more than 40 countries.

(Reporting by AJ Vicens in Detroit; Additional reporting by Anton Zverev in London; Editing by Matthew Lewis)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In World
US-sanctioned tankers pass Strait of Hormuz on first day of US blockade, data shows
US, Iranian teams could return to Islamabad for peace talks this week, five sources say
Iran to allocate part of oil revenues for reconstruction after attacks, minister says
South Korea to start building Sejong presidential office in August 2027
Exclusive-US officials underwhelmed by French far-right's plans for economy
Russian drones hit Ukrainian port, damage Panama-flagged vessel, officials say
Prince Harry and Meghan arrive in Australia to a muted welcome
Colombia's Petro walks back 100% tariffs on Ecuadorean goods
Trump vows US will sink any Iran boats that challenge blockade
Trump deletes Jesus post of himself after outcry

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.