The US Department of Justice (DOJ) has filed a civil forfeiture complaint to seize over $24 million in cryptocurrency assets tied to Rustam Rafailevich Gallyamov, a Russian national accused of leading the development and distribution of the Qakbot malware.
In return, Gallyamov reportedly received a share of the ransom proceeds. The DOJ emphasized that this seizure reflects a continued international effort involving law enforcement agencies from the US, Europe, and Canada to disrupt cybercriminal networks.
According to the DOJ’s indictment, Gallyamov’s cyber operations intensified from 2019 onwards, as Qakbot was used to infiltrate thousands of systems and build an expansive botnet. Once compromised, these systems were handed off to ransomware operators.
These attacks reportedly included the use of Black Basta and Cactus ransomware to target victims in the United States. As part of the ongoing investigation, the FBI executed another seizure on April 25, 2025, retrieving over 30 BTC and more than $700,000 in stablecoins.
The DOJ credited this collaboration for enabling swift identification and disruption of Gallyamov’s operations. Assistant US Attorneys from the Central District of California and officials from the DOJ’s Computer Crime and Intellectual Property Section are leading the prosecution.
The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.
Featured image created with DALL-E, Chart from TradingView
