US indicts Russian accused of running major global cybercrime ring
The crime group victimized people throughout the US and in various sectors of the economy, according to the indictment, from a dental office in Los Angeles to a music company in Tennessee.
In announcing the charges, the Justice Department said it was working to return to victims more than $24 million in cryptocurrency allegedly stolen by the Russian man and seized by the department.
It's the latest installment in a yearslong US law enforcement effort to make it more difficult for Russia-based criminals to extort and disrupt US critical infrastructure providers with ransomware attacks. On Wednesday, the Justice Department said it had seized the computer systems behind another prolific hacking tool whose mastermind is also allegedly based in Russia.
Russia and the US don't have an extradition treaty, and the Kremlin has been reluctant to pursue hackers on Russian soil as long as they don't attack Russian organizations, according to US officials.
The man indicted Thursday, Rustam Rafailevich Gallyamov, a 48-year-old based in Moscow, allegedly developed a piece of malicious software in 2008 that has been used to infect hundreds of thousands of computers in the US and globally. The malware, called Qakbot, was used in damaging ransomware attacks on health care agencies and government agencies worldwide, prosecutors have said.
Gallyamov often received a cut of the proceeds from ransomware attacks that other hackers carried out using Qakbot, according to the Justice Department. For the ransomware attack on the Tennessee music company, he received the equivalent of more than $300,000, the indictment says.
CNN has requested comment from the Russian Embassy in Washington, DC, on the charges.
The indictment provides a window into the resilient career path of an alleged cybercriminal. In 2023, the FBI and European law enforcement agencies dismantled a massive network of computers infected with Qakbot and seized millions of dollars belonging to the hackers.
Gallyamov responded to that bust by looking for other ways to make his malicious software available to cybercriminals conducting ransomware attacks, Akil Davis, assistant director in charge of the FBI's Los Angeles Field Office, said in a statement on Thursday. Gallyamov and associates allegedly started 'spam bombing' companies, or flooding their inboxes with subscription to newsletters, and then posing as IT support to offer to fix the problem, the indictment says.
The State Department in 2023 offered $10 million for information on people behind Qakbot. It's unclear if any confidential tips to the State Department led to Gallyamov's indictment. In some cases, federal prosecutors unseal an indictment when they aren't sure if a defendant will travel out of a country that doesn't have an extradition treaty with the US.
One of Gallyamov's primary customers was allegedly a ransomware gang known as Conti, which made at least $25 million from a flurry of attacks in a fourth-month span in 2021, according to crypto-tracking firm Elliptic. The ransomware gang used Gallyamov's hacking tool in attacks on a Wisconsin manufacturing firm and Nebraska tech company in the fall of 2021, according to the indictment.
The last mention of the Conti ransomware gang in the indictment is in late January 2022. A month later, Russia launched its full-scale invasion of Ukraine, and a Ukrainian leaked a trove of data on Conti in revenge for its support for the Russian government, forcing the criminal network to reconstitute. But Gallyamov allegedly moved on to other customers.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Ukraine and Russia strikes hit homes and oil depot near Black Sea
A Russian missile strike has destroyed homes and civilian infrastructure in Ukraine's southern city of Mykolaiv, local officials say. At least three civilians were reported injured in the city near the Black Sea, which has been repeatedly shelled by Russian forces. Ukraine's State Emergency Service posted photos of firefighters at the scene after the missile strike. Early on Sunday a massive oil depot fire was raging near Russia's Black Sea resort of Sochi - blamed by the Russian authorities on a Ukrainian drone attack. Sochi's airport in the same area - Adler district - suspended flights. Krasnodar Region Governor Veniamin Kondratyev said on Telegram that drone debris had hit a fuel tank, and 127 firefighters were tackling the blaze. The drone attack was one of several launched by Ukraine over the weekend, targeting installations in the southern Russian cities of Ryazan, Penza and Voronezh. The governor of Voronezh said four people were injured in one drone strike. Ukrainian President Volodymyr Zelensky called for stronger international sanctions on Russia this week after a deadly attack on Kyiv on Thursday killed at least 31 people. More than 300 drones and eight cruise missiles were launched in the assault, Ukrainian officials said, making the attack one of the deadliest on the capital since Russia launched its full-scale invasion in February 2022.
CNN
an hour ago
- CNN
Ukrainian drone attack sparks fire in Russia's former Olympic city, governor says
More than 120 firefighters were trying to extinguish a blaze at an oil depot in the Russian city of Sochi that was sparked by a Ukrainian drone attack, regional Governor Veniamin Kondratyev said early on Sunday on the Telegram messaging app. In the Krasnodar region on the Black Sea where Sochi is located, a fuel tank with a capacity of 2,000 cubic meters (70,000 cubic feet) was on fire, Russia's RIA news agency reported, citing emergency officials. The Russian defense ministry said in its daily morning report on Telegram that its air defense units destroyed 93 Ukrainian drones overnight, including one over the Krasnodar region and 60 over the waters of the Black Sea. The ministry reports only how many drones its units destroy, not how many Ukraine launched. Rosaviatsia, Russia's civil aviation authority, temporarily halted flights at Sochi's airport to ensure air safety before saying on Telegram that flights resumed as of 0200 GMT on Sunday (10 p.m. ET, Saturday). Reuters could not independently verify the reports. There was no immediate comment from Ukraine. The attack, which Kondratyev said was in the Adler district of the coastal resort city, would be Ukraine's latest on infrastructure inside Russia that Kyiv deems key to Moscow's war efforts. A woman was killed in the Adler district in a Ukrainian drone attack late last month, but attacks on Sochi, which hosted the 2014 Olympic Winter Games, have been infrequent in the war that Russia launched in February 2022. The Krasnodar region is home to the Ilsky refinery near the city of Krasnodar, among the largest in southern Russia and a frequent target of Ukraine's drone attacks. Also on Sunday, the governor of Voronezh region in southern Russia said four people were injured in a Ukrainian drone strike that caused several fires, while Russia launched a missile attack on Kyiv, according to the military administration of the Ukrainian capital. The Russian defense ministry said that its units destroyed 18 Ukrainian drones over the Voronezh region that borders Ukraine.
an hour ago
Senate confirms former Fox News host Pirro as top federal prosecutor for the nation's capital
WASHINGTON -- The Senate has confirmed former Fox News host Jeanine Pirro as the top federal prosecutor for the nation's capital, filling the post after President Donald Trump withdrew his controversial first pick, conservative activist Ed Martin Jr. Pirro, a former county prosecutor and elected judge, was confirmed 50-45. Before becoming the acting U.S. Attorney for the District of Columbia in May, she co-hosted the Fox News show 'The Five' on weekday evenings, where she frequently interviewed Trump. Trump yanked Martin's nomination after a key Republican senator said he could not support him due to Martin's outspoken support for rioters who stormed the U.S. Capitol on Jan. 6, 2021. Martin now serves as the Justice Department's pardon attorney. In 2021, voting technology company Smartmatic USA sued Fox News, Pirro and others for spreading false claims that the company helped 'steal' the 2020 presidential election from Trump. The company's libel suit, filed in a New York state court, sought $2.7 billion from the defendants. Last month, Republican members of the Senate Judiciary Committee voted unanimously to send Pirro's nomination to the Senate floor after Democrats walked out to protest Emil Bove's nomination to become a federal appeals court judge. Pirro, a 1975 graduate of Albany Law School, has significantly more courtroom experience than Martin, who had never served as a prosecutor or tried a case before taking office in January. She was elected as a judge in New York's Westchester County Court in 1990 before serving three terms as the county's elected district attorney. In the final minutes of his first term as president, Trump issued a pardon to Pirro's ex-husband, Albert Pirro, who was convicted in 2000 on conspiracy and tax evasion charges.
