US sues Russians for running global cybercriminal network


A US federal indictment accuses a Russian of leading a global cybercrime network that caused millions of losses worldwide. US authorities are working to return stolen crypto.



A US federal court on Thursday released an indictment against a Russian man accused of leading a global cybercriminal organization. This gang has caused hundreds of millions of dollars in damage worldwide.

Scope of cybercrime

The investigation shows that the group targeted people across the United States and various sectors of the economy. This ranged from a dentist's office in Los Angeles to a music company in Tennessee.

Compensation for the victims

As part of the indictment, the US Department of Justice announced that it is working to return to victims more than $24 million in cryptocurrencies allegedly stolen from the Russian and confiscated by the department.

US measures against cybercrime

This is part of a years-long U.S. law enforcement effort aimed at making it harder for Russia-based criminals to extort and disrupt American critical infrastructure providers with ransomware attacks. On Wednesday, the Justice Department announced that it had seized the computer systems behind another high-profile hacking tool, also believed to be masterminded by Russia.

Russia and the extradition of criminals

The United States and Russia do not have an extradition treaty, and the Kremlin has shown reluctance to prosecute hackers on Russian soil as long as they do not attack Russian organizations, U.S. officials said.

The role of Rustam Gallyamov

Indicted Thursday, Rustam Rafailevich Gallyamov, a 48-year-old from Moscow, is accused of developing malicious software called Qakbot in 2008 that was used to infect hundreds of thousands of computers in the United States and worldwide. This malware was used in damaging ransomware attacks on health departments and government agencies, prosecutors report.

Ransomware and financial gain

Gallyamov often received a share of the proceeds from ransomware attacks that other hackers carried out using Qakbot. He received more than $300,000 for the ransomware attack on the Tennessee music company, according to the indictment.

Reactions and further measures

CNN has contacted the Russian Embassy in Washington, D.C., for comment on the allegations. The indictment offers a glimpse into the resilient career of an alleged cybercriminal. In 2023, the FBI and European law enforcement agencies dismantled a vast network of Qakbot-infected computers and seized millions of dollars belonging to the hackers.

Hidden methods of cybercriminals

After that bust, Gallyamov apparently looked for new ways to offer his malicious software to cybercriminals carrying out ransomware attacks. He and his accomplices allegedly began bombarding companies with spam and then posing as IT support offering to fix the problem, according to the indictment.

Rewards for information

The State Department offered a $10 million reward in 2023 for information about those behind Qakbot. It is unclear whether confidential tips led to Gallyamov's indictment. In some cases, indictments are made public when it is uncertain whether a defendant is traveling to a country that does not have an extradition treaty with the United States.

The connections to ransomware groups

Among Gallyamov's main customers was apparently the Conti ransomware gang, which netted at least $25 million from a series of attacks over a short four-month period in 2021, according to crypto tracking firm Elliptic. This gang used Gallyamov's hacking tool in attacks on a manufacturing company in Wisconsin and a technology company in Nebraska in the fall of 2021.

The effects of the Ukraine conflict

The last mention of the Conti ransomware group in the indictment dates from late January 2022. A month later, Russia launched its full-scale invasion of Ukraine, and a Ukrainian hacker leaked a wealth of data about Conti in retaliation for the group's support of the Russian government. This forced the criminal network to re-establish itself, but Gallyamov apparently turned to other clients.