Date: 2025-05-22

LOS ANGELES – A federal grand jury indictment unsealed Thursday revealed charges filed against Russian national Rustam Rafailevich Gallyamov alleging he developed and deployed the infamous Oakbot malware that infected thousands of computers and was used to extort victims around the world.

The 48-year-old Gallyamov has been charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud. He is believed to be in Russia, where he remains at large, the U.S. Attorney's Office for the Central District of California detailed in a press release.

If convicted, Gallyamov would face a statutory maximum sentence of 25 years in federal prison, the U.S. Attorney's Office stated.

The image below of Gallyamov is Exhibit A in the indictment unsealed Thursday.

The Justice Department also filed a civil forfeiture complaint on Thursday against more than $24 million in cryptocurrency seized from Gallyamov during the international investigation into his actions, the U.S. Attorney's Office shared.

The indictment and civil forfeiture complaint are the latest action in a globe-spanning law enforcement response to the network of infected computers, known as a "botnet," a response that in August of 2023 involved a U.S.-led technical and financial operation that disrupted the botnet.

Even after that disruption, Oakbot conspirators continued to seek and gain unauthorized access to computers using other means, including spam bomb attacks followed by posing as information technology workers to trick victims into executing malicious code, Thursday's civil forfeiture complaint detailed.

Gallyamov, also known as "Cortes", "Tomperz", and "Chuck", is the leader of a cybercriminal network that since 2008 developed, deployed, and managed malicious software that was used to install ransomware and gather information from computer users around the world, the indictment detailed.

The indictment explained that the malicious software, or "malware," was concealed within seemingly legitimate documents or links received by potential victims, usually through spam email campaigns.

Victims were then allegedly extorted by ransomware groups to which Gallyamov and his coconspirators had sold or would give access, so that those groups could demand ransoms from victims in exchange for regaining access to their networks or preventing the sharing of their information, the indictment explained.

According to the indictment unsealed Thursday, victims of the botnet network included a "Los Angeles Dental Office", a "Nebraska Technology Company", a "Maryland Insurance Company", and a "Tennessee Music Company" among others.

After a victim paid a ransom, usually in Bitcoin, a percentage of those ill-gotten gains was allegedly delivered to Gallyamov, the civil forfeiture complaint stated.

Oakbot conspirators allegedly used multiple virtual currency transactions to launder the funds through decentralized services on the blockchain to avoid detection and tracing, the civil forfeiture complaint explained.

According to the civil forfeiture complaint, law enforcement identified the cluster of depositing sources as belonging to ransomware actors, and payments were allegedly directed to cryptocurrency wallets controlled by Gallyamov.