Russian national Rustam Rafailevich Gallyamov led the Qakbot botnet malware operation, compromising over 700,000 computers and enabling numerous ransomware attacks. The compromises caused hundreds of millions of dollars in damage, with financial damages exceeding $58 million in just 18 months. The Qakbot botnet was dismantled by the FBI in 2023, but Gallyamov continued malicious operations until January 2025. Over $24 million in digital assets were seized, along with additional illegal assets worth over $4 million.
TPRM report: https://scoringcyber.rankiteo.com/company/loyalsource
"id": "loy317052325",
"linkid": "loyalsource",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': None,
'industry': None,
'location': None,
'name': None,
'size': None,
'type': ['Private companies',
'Healthcare providers',
'Government agencies']}],
'attack_vector': ['Banking Trojan',
'Worm',
'Malware Dropper',
'Backdoor',
'Keylogger'],
'date_detected': '2008',
'date_resolved': '2023',
'description': 'Rustam Rafailevich Gallyamov, a Russian national, has been '
'indicted for his role in the Qakbot botnet malware operation, '
'which compromised over 700,000 computers and enabled numerous '
'ransomware attacks.',
'impact': {'financial_loss': '$58 million in 18 months',
'systems_affected': 'Over 700,000 computers'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'ransomware': {'ransomware_strain': ['Conti',
'ProLock',
'Egregor',
'REvil',
'RansomExx',
'MegaCortex',
'Doppelpaymer',
'Black Basta',
'Cactus']},
'references': [{'date_accessed': None,
'source': 'Court documents',
'url': None}],
'regulatory_compliance': {'legal_actions': ['Indictment',
'Forfeiture Complaint']},
'response': {'law_enforcement_notified': 'Yes'},
'threat_actor': 'Rustam Rafailevich Gallyamov',
'title': 'Indictment of Rustam Rafailevich Gallyamov for Qakbot Botnet '
'Operations',
'type': 'Malware'}