US Dakwa Warga Rusia Atas Serangan Ransomware, Sita Lebih Dari Rp389 Miliar
JAKARTA The United States Department of Justice (DOJ) on Thursday, May 23 uncovered charges against a Russian citizen accused of masterminding the development and deployment of malicious software (malware) that has infected thousands of computers for more than a decade.
The suspect named Rustam Rafailevich Gallyamov, 48, is from Moscow. He leads a cyber crime group that creates and runs Qakbot malware, according to an official DOJ statement. This malware is used to inject additional malicious programs such as ransomware, as well as convert the victim's computer into part of a remote controlled device botnet network for other malicious activities.
In this investigation, the prosecutor also filed a claim for confiscation of assets of more than US$24 million (equivalent to Rp389 billion) in the form of crypto and traditional funds that were confiscated during the investigation process.
Gallyamov was charged with conspiracy and fraud through an electronic network (wire fraud). This indictment emerged about a year and a half after the international law enforcement operation succeeded in disrupting Qakbot infrastructure. Even so, Gallyamov continued his criminal activities until January 2025, according to prosecutors.
Until this news was published, Gallyamov had not yet responded to the indictment. DOJ did not reveal his current whereabouts.
Endgame Operation
On the same day, federal prosecutors in Los Angeles also announced charges against 16 people suspected of being involved in the development and deployment of DanaBot malware. The malware is known to have infected more than 300,000 computers worldwide, causing losses of more than $50 million, according to a DOJ statement.
The indictment is part of Operation Endgame, an international law enforcement campaign that involves cooperation between law enforcement officials and the private sector, to eradicate cybercriminal networks and their infrastructure in various countries.
DanaBot first emerged in 2018 as malware for stealing banking data. But over time, this malware has grown into a broader means of information theft and provides access to continued crime activities. According to research from Lumen's Black Lotus Labs, which is also involved in Operation Endgame, DanaBot is still active until 2025 with around 1,000 daily victims in more than 40 countries.