US indicts leader of Qakbot botnet linked to ransomware attacks

The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers. Over time, a team of developers was formed around Qakbot but the indictment notes that other malware was also created under Gallyamov’s leadership. For about a decade, Gallyamov used Qakbot as a banking trojan with worm capabilities, malware dropper, or backdoor that could also record keystrokes. Starting in 2019, Qakbot became the initial infection vector in many ransomware attacks from infamous gangs such as Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, Doppelpaymer, Black Basta, and Cactus. For providing initial access, Gallyamov allegedly received a portion of the ransom paid by the victims. The ... Read full article.