Guilty Plea of Yanluowang Ransomware Initial Access Broker
Aleksei Olegovich Volkov, a Russian national operating under the alias 'chubaka.kor', pleaded guilty to hacking into U.S. companies and selling network access to ransomware groups, specifically those deploying the Yanluowang ransomware. Volkov used various techniques to compromise employee accounts, escalate privileges, and then brokered access to other cybercriminals, facilitating ransomware attacks on at least seven U.S. organizations, including a bank, a telecommunications company, and an engineering firm. Court documents reveal that two of the victims paid ransoms totaling $1.5 million in Bitcoin, with Volkov receiving a portion of the proceeds.
Volkov's activities spanned from July 2021 to November 2022, after which the Yanluowang group ceased operations following a hack and leak of their internal data. He was arrested in 2024 after relocating to Rome and subsequently extradited to the United States, where he now faces up to 50 years in prison and fines up to $1 million, along with restitution to victims. The case highlights the significant role of initial access brokers in enabling ransomware operations and the ongoing law enforcement efforts to disrupt such cybercriminal supply chains.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Volkov pleads guilty in US court
Volkov pleaded guilty in the United States to hacking US companies and selling network access to affiliates who later deployed Yanluowang ransomware. He now faces up to 50 years in prison, fines of up to $1 million, and restitution.
Volkov extradited to the United States
Following his 2024 arrest in Rome, Volkov was extradited to the United States to face charges related to hacking US companies and facilitating Yanluowang ransomware intrusions.
Volkov arrested in Rome
After moving to Rome, Volkov was arrested in 2024 in connection with the US case involving hacking and the sale of access to ransomware affiliates.
Yanluowang affiliates receive access to seven US victims
Between July 2021 and November 2022, Volkov was tied to intrusions at seven US companies and sold access that was later used by Yanluowang ransomware affiliates. Two victims ultimately paid a combined $1.5 million in Bitcoin, from which Volkov received a share.
Volkov begins hacking US companies and brokering access
Court documents say Aleksei Olegovich Volkov, known as chubaka.kor, began operating as an initial access broker in July 2021, hacking US companies and selling network access to affiliates linked to Yanluowang ransomware.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Guilty Plea of Yanluowang Ransomware Initial Access Broker
Aleksei Olegovich Volkov, a Russian national, pleaded guilty in the United States to charges related to his role as an initial access broker (IAB) for the Yanluowang ransomware group. Volkov provided access to at least seven U.S. organizations between July 2021 and November 2022, enabling the deployment of ransomware that resulted in ransom demands ranging from $300,000 to $15 million. He received a percentage of the ransom payments, including $94,259 from a $500,000 ransom and $162,220 from a $1 million ransom, and was ordered to pay nearly $9.2 million in restitution to affected organizations. Volkov's activities were uncovered through digital forensics, including chat logs, cryptocurrency records, and social media accounts, and he was extradited to the U.S. after being apprehended in Rome. The indictment and plea agreement detail Volkov's collaboration with co-conspirators, his use of aliases such as "chubaka.kor," and his involvement in negotiating ransom payments and providing network credentials to the Yanluowang group. The attacks affected a range of U.S. businesses, including engineering firms, banks, and telecommunications providers, with some victims able to restore from backups and avoid ransom payments. Volkov faces up to 53 years in prison for charges including access device fraud, aggravated identity theft, and conspiracy to commit money laundering and computer fraud.
Mar 21, 2026
Initial access broker Aleksei Volkov sentenced for enabling Yanluowang ransomware attacks
A U.S. federal court sentenced Russian national **Aleksei Volkov**, 26, to **81 months in prison** for acting as an initial access broker who helped major cybercrime groups, including the **Yanluowang** ransomware operation, compromise U.S. companies and other organizations. Prosecutors said Volkov gained unauthorized access to victim networks and sold that access to ransomware operators, who then deployed malware, encrypted systems, stole data, and extorted victims through cryptocurrency ransom demands. The U.S. Department of Justice said the campaign caused more than **$9 million in actual losses** and more than **$24 million in intended losses**. Volkov was indicted in Indiana and Pennsylvania, arrested in Rome, extradited from Italy to the United States, and later pleaded guilty after the cases were consolidated. As part of the plea, he admitted hacking victim networks, stealing data, helping co-conspirators deploy ransomware, and sharing in ransom proceeds; he was also ordered to pay at least **$9,167,198.19** in restitution and forfeit equipment used in the crimes.
Mar 27, 2026
Guilty Pleas in Major Cyber-Enabled Fraud and Ransomware Operations
U.S. authorities secured guilty pleas in two separate cyber-enabled criminal cases: a Ghana-based fraud ring that stole more than **$100 million** via **business email compromise (BEC)** and romance scams, and a **Phobos** ransomware administrator tied to a global extortion operation. The cases highlight parallel monetization paths—social engineering and payment redirection in BEC/romance schemes versus data encryption and extortion in ransomware-as-a-service (RaaS)—and both involve international arrests/extraditions to the United States. In the fraud case, **Derrick Van Yeboah** (40) pleaded guilty to conspiracy to commit wire fraud and agreed to pay **over $10 million** in restitution for his role in a Ghana-based operation that targeted U.S. victims from 2016 to May 2023, using spoofed emails to impersonate customers/employees and laundering proceeds through U.S. intermediaries before sending funds to coordinators in West Africa. Separately, **Evgenii Ptitsyn** (43) pleaded guilty to wire fraud conspiracy for helping develop, sell, distribute, and operate the **Phobos** ransomware platform, which the U.S. DoJ says hit **1,000+** entities and extorted **$16+ million**; he was arrested in South Korea in 2024, extradited to the U.S., and faces up to **20 years** in prison, with sentencing scheduled for July 15.
Mar 21, 2026