Who is Rustam Rafailevich Gallyamov?

Rustam Rafailevich Gallyamov, 48, of Moscow, is accused of leading a group of cybercriminals who developed and deployed Qakbot malware.

What charges were filed against Gallyamov?

Gallyamov faces charges of conspiracy and conspiracy to commit wire fraud, along with a complaint for the forfeiture of over $24 million in seized funds.

What is the significance of the DanaBot malware?

DanaBot emerged in 2018 to steal banking credentials and has evolved to enable wider information stealing, affecting over 300,000 computers worldwide.

What operation targeted DanaBot and its developers?

The charges against the DanaBot developers are part of Operation Endgame, an international campaign aimed at disrupting cybercriminal operations globally.

How many victims were affected by DanaBot?

DanaBot remained highly operational through 2025, with approximately 1,000 daily victims across more than 40 countries.

Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Headlines > US indicts Russian accused of ransomware attacks

Headlines

US indicts Russian accused of ransomware attacks

Published by Global Banking & Finance Review®

Posted on May 22, 2025

2 min read

Last updated: January 23, 2026

US indicts Russian accused of ransomware attacks - Headlines news and analysis from Global Banking & Finance Review

US Charges Russian National for Leading Ransomware Operations

By AJ Vicens

(Reuters) -The U.S. Department of Justice on Thursday unsealed charges against a Russian national accused of leading the development and deployment of malicious software that infected thousands of computers over more than a decade.

Rustam Rafailevich Gallyamov, 48, of Moscow, led a group of cybercriminals who developed and deployed Qakbot, a name for software that could be used to infect computers with additional malware, such as ransomware, as well as to conscript the computer into a botnet - or group of compromised computers and devices controlled remotely - to be used for additional malicious purposes, according to a DOJ statement.

Prosecutors also made public a complaint seeking the forfeiture of more than $24 million in cryptocurrency and traditional funds seized over the course of the investigation, the DOJ said.

The charges of conspiracy and conspiracy to commit wire fraud come a year and a half after an international law enforcement operation disrupted Qakbot infrastructure. Gallyamov continued cybercriminal activities after the disruption, prosecutors said, as recently as January 2025.

Gallyamov did not immediately respond to a request for comment. The DOJ statement did not indicate his whereabouts.

Also on Thursday, federal prosecutors in Los Angeles unsealed charges against 16 people accused of developing and deploying the DanaBot malware, which was used to infect more than 300,000 computers worldwide and cause at least $50 million in damage, according to a DOJ statement.

The DanaBot charges are part of Operation Endgame, an international law enforcement and private-sector campaign targeting cybercriminal operators and infrastructure around the world.

DanaBot emerged in 2018 as malware to steal banking credentials and other information, but evolved to enable wider information stealing and establish access for follow-on activity, according to researchers with Lumen’s Black Lotus Labs, who participated in Operation Endgame.

DanaBot remained “highly operational through 2025,” the researchers wrote in a blog post, with roughly 1,000 daily victims across more than 40 countries.

(Reporting by AJ Vicens in Detroit; Additional reporting by Anton Zverev in London; Editing by Matthew Lewis)

US indicts Russian accused of ransomware attacks

Quick Summary

US Charges Russian National for Leading Ransomware Operations

Key Takeaways

Frequently Asked Questions about US indicts Russian accused of ransomware attacks