
US Charges Alleged Qakbot Botnet Ringleader in Major Ransomware Crackdown

Vlad CONSTANTINESCU

Alleged cybercriminal kingpin behind Qakbot malware faces U.S. indictment after years of worldwide ransomware attacks.

Russian national accused of decade-long cybercrime operation

US authorities have formally charged Rustam Rafailevich Gallyamov, a Russian national, with orchestrating a long-running malware campaign that compromised over 700,000 computers worldwide.

Prosecutors allege the suspect was instrumental in developing and managing the infamous Qakbot botnet, which has been linked to numerous ransomware attacks over the past decade.

Gallyamov remains at large as law enforcement agencies continue their pursuit.

Initially launched in 2008, Qakbot, also known as Qbot and Pinkslipbot, was designed as a banking trojan but evolved into a malicious multipurpose tool. The malware allowed threat actors to achieve nefarious aims, such as remote access, keylogging, or deploying additional malicious software.

Ransomware gateway for notorious threat groups

By 2019, Qakbot had evolved into a go-to tool for cybercrime syndicates, serving as a convenient entry point for devastating ransomware campaigns. Infamous groups such as REvil, Conti, and Black Basta exploited Qakbot to breach corporate and government systems.

Gallyamov allegedly took a cut of each ransom payment, with revenue-sharing arrangements varying among the ransomware groups.

Qakbot’s global impact was severe, with victims ranging from hospitals and tech companies to public institutions. US officials estimate that, in just 18 months, the malware dealt more than $58 million in damages.

Millions in crypto seized in global crackdown

Although the FBI disrupted Qakbot’s infrastructure in 2023, Gallyamov allegedly continued operations into 2025, including orchestrating spam-based cyberattacks. Recent actions led to the seizure of over $24 million in digital currencies tied to his activities.

The charges were announced alongside “Operation Endgame,” a multinational campaign that dismantled over 100 criminal servers used by Qakbot and other malware, including Trickbot and Smokeloader. Investigators also confiscated 30 bitcoins and nearly $700,000 in USDT in April alone.

Staying safe from botnets

Unfortunately, botnets continue to pose a serious threat in today’s cyber landscape. Whether it’s a swarm of infected devices targeting your systems or your own computer being silently zombified and turned into a node within a botnet, the danger is real and persistent.

Specialized software like Bitdefender Ultimate Security can keep you safe from botnets and other digital threats, including zero-day exploits, viruses, trojans, worms, spyware, ransomware, and rootkits.

Its key features include complete, real-time data protection, behavioral detection for active apps, network threat prevention, cryptojacking protection, multi-layer ransomware protection and AI-fueled scam detection.

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
