Initial access broker Aleksei Volkov sentenced for enabling Yanluowang ransomware attacks
A U.S. federal court sentenced Russian national Aleksei Volkov, 26, to 81 months in prison for acting as an initial access broker who helped major cybercrime groups, including the Yanluowang ransomware operation, compromise U.S. companies and other organizations. Prosecutors said Volkov gained unauthorized access to victim networks and sold that access to ransomware operators, who then deployed malware, encrypted systems, stole data, and extorted victims through cryptocurrency ransom demands.
The U.S. Department of Justice said the campaign caused more than $9 million in actual losses and more than $24 million in intended losses. Volkov was indicted in Indiana and Pennsylvania, arrested in Rome, extradited from Italy to the United States, and later pleaded guilty after the cases were consolidated. As part of the plea, he admitted hacking victim networks, stealing data, helping co-conspirators deploy ransomware, and sharing in ransom proceeds; he was also ordered to pay at least $9,167,198.19 in restitution and forfeit equipment used in the crimes.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
U.S. charges Angelo Martino in BlackCat ransomware extortion case
U.S. prosecutors charged Angelo Martino as a third negotiator tied to BlackCat/ALPHV ransomware attacks, alleging he helped pressure at least 10 victims into paying higher ransoms while working for DigitalMint. Authorities also seized nearly $9.2 million in cryptocurrency and other assets connected to the case.
U.S. court sentences Volkov to 81 months in prison
The Southern District of Indiana sentenced Volkov to 81 months in prison for assisting major cybercrime groups, including the Yanluowang ransomware gang. He was also ordered to pay at least $9,167,198.19 in restitution and forfeit equipment used in the crimes.
Volkov pleads guilty in consolidated U.S. cybercrime case
Volkov pleaded guilty after the Indiana and Pennsylvania cases were consolidated. In his plea, he admitted to hacking victim networks, stealing data, enabling ransomware deployment through co-conspirators, and sharing in ransom proceeds.
Volkov is arrested in Rome and extradited from Italy to the United States
After being charged, Volkov was arrested in Rome and transferred from Italy to the United States to face prosecution. The extradition enabled the U.S. cases against him to proceed.
Volkov is indicted in Indiana and Pennsylvania cybercrime cases
U.S. prosecutors charged Volkov in separate cases in the Southern District of Indiana and the Eastern District of Pennsylvania for his role in intrusions and ransomware-enabling activity. The cases were later consolidated.
Volkov brokers unauthorized access for ransomware attacks on U.S. victims
Aleksei Volkov acted as an initial access broker, hacking into victim networks and selling that access to cybercrime groups including the Yanluowang ransomware gang. The resulting intrusions led to data theft, ransomware deployment, and extortion against numerous U.S. companies and organizations, causing more than $9 million in actual losses and more than $24 million in intended losses.
Sources
Russian Initial Access Broker Sentenced to Prison for Enabling Major Ransomware Attacks on U.S. Firms (cybersecuritynews.com)
Russian access broker sentenced to over 6 years in prison for ransomware schemes | CyberScoop (cyberscoop.com)
81-month sentence for Russian hacker behind major ransomware campaigns (securityaffairs.com)
Russian sentenced to jail for his part in ransomware attacks | IT Pro (itpro.com)
Office of Public Affairs | Russian Citizen Sentenced to Prison for Hacking into U.S. Companies and Enabling Major Cybercrime Groups to Extort Tens of Millions of Dollars | United States Department of Justice (justice.gov)
Initial Access Broker sentenced to 81 months in prison for enabling Yanluowang ransomware gang - DataBreaches.Net (databreaches.net)
Russian Citizen Sentenced to Prison for Hacking into U.S. Companies and Enabling Major Cybercrime Groups to Extort Tens of Millions of Dollars - Infosec.Pub (infosec.pub)
Unclassified (ismg-cdn.nyc3.cdn.digitaloceanspaces.com)

