DOJ charges man allegedly behind Qakbot malware
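The U.S. Department of Justice has charged Rustam Gallyamov, developer of the Qakbot malware, which infected more than 700,000 computers and was used by multiple ransomware gangs. After a multinational operation against the botnet, Gallyamov provided co-conspirators with access to devices in exchange for a share of the proceeds. Victims included organizations in healthcare, technology and other industries. The Justice Department also seized more than $24 million of his funds and charged 16 other people in the DanaBot malware case. 2025-5-22 21:46:25 Author: therecord.media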

The alleged leader of the cybercriminal gang behind the Qakbot malware, which was used by many high-profile ransomware gangs, has been indicted by the U.S. Justice Department. 

Russian national Rustam Gallyamov, 48, allegedly created the software in 2008. Until its disruption, it was believed to have infected more than 700,000 computers.

In August 2023, the Justice Department announced a multinational operation involving France, Germany, the Netherlands, the United Kingdom, Romania and Latvia to take down the botnet and to delete its code from infected computers. 

According to the indictment, Gallyamov handed over access to victims’ devices to co-conspirators who infected computers with various strains of ransomware. In return, he was paid a portion of the collected funds. Victims included a Los Angeles dental office, a technology company from Nebraska, a manufacturer in Wisconsin and a Canadian real estate company, among others. 

Ransomware gangs including Conti, REvil, Black Basta and DoppelPaymer made use of the malware in their campaigns, according to the indictment.

After the Qakbot takedown, Gallyamov’s group allegedly shifted tactics, instead launching “spam bomb” attacks targeting employees at companies in order to trick them into granting access to networks. 

In conjunction with the indictment, the Justice Department also announced a civil forfeiture complaint on Thursday against funds seized from Gallyamov, which are worth more than $24 million.

The investigation was led by the FBI’s Los Angeles office, in partnership with investigators in Germany, the Netherlands and France.

Also on Thursday, the DOJ unsealed a grand jury indictment and criminal complaint charging 16 people with creating and deploying the DanaBot malware. In the hands of a Russian cybercrime group, the malware infected more than 300,000 devices globally and caused at least $50 million in damage, the indictment alleged.


James Reddick has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.


Source: https://therecord.media/doj-charges-man-allegedly-behind-qakbot-malware