
Russian access broker sentenced to over 6 years in prison for ransomware schemes

A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups.

Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other cybercriminal organizations between July 2021 and November 2022. He was arrested in Rome and subsequently extradited to the United States.

Volkov, also known as “chubaka.kor,” operated as an initial access broker, a specialized role in which he identified and exploited vulnerabilities in corporate networks and sold that access to ransomware operators. The function has become increasingly common in the ransomware ecosystem, enabling criminals to profit from attacks without directly deploying malware or executing extortion demands.

According to court documents, Volkov facilitated dozens of attacks that resulted in more than $9 million in confirmed losses to victims and over $24 million in intended losses. Prosecutors identified seven specific U.S. businesses targeted during the 16-month period, including an engineering firm and a bank. Two victims paid a combined $1.5 million in ransom payments.

The Yanluowang ransomware group employed tactics beyond simple data encryption. Victims reported receiving harassing phone calls and experiencing distributed denial of service attacks after their data was stolen, representing an evolution in how ransomware operators apply pressure to targets.

Volkov received compensation through either flat fees for providing network access or percentages of ransom payments collected from victims. When victims refused to pay, conspirators published stolen data on leak websites designed to shame companies and potentially encourage future victims to comply with demands.

His guilty plea covered charges filed in two separate jurisdictions that were later consolidated, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, and conspiracy to commit money laundering.

As part of his sentence, Volkov must pay full restitution to victims, including at least $9.1 million to identified companies, and forfeit equipment used in his criminal activities.

The post Russian access broker sentenced to over 6 years in prison for ransomware schemes appeared first on CyberScoop.

Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks

A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty of up to 53 years in prison.

Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms.

The victims, which included an engineering firm and a bank, said executives received harassing phone calls and their networks were hit with distributed denial of service attacks after their data was stolen and encrypted by Yanluowang ransomware operators.

Cisco wasn’t named in the court filings for Volkov’s case, but the enterprise networking and security vendor said it was impacted by an attack attributed to Yanluowang ransomware in May 2022. Cisco linked the attack to an initial access broker who had ties to UNC2447, Lapsus$ and Yanluowang ransomware operators.

Volkov identified targets, exploited vulnerabilities in their systems, and shared access with co-conspirators for a flat fee or percentage of the ransom paid by the victim, according to prosecutors.

Some of Volkov’s alleged victims were unable to function normally without access to their data and had to temporarily shut down operations in the wake of the attacks. Prosecutors said the total amount demanded in ransoms from all seven victims was $24 million.

The FBI said it traced cryptocurrency transactions related to the payments to accounts reportedly owned by Volkov and a co-conspirator, “CC-1,” who was residing in Indianapolis at the time.

Blockchain analysis allowed the FBI to confirm Volkov’s identity and uncover multiple accounts they used to communicate with co-conspirators about ransomware attacks, payments and splitting illicit proceeds from their criminal activities, according to court records.

Volkov, who is also identified as Aleskey Olegovich Volkov in the unsealed indictment, was arrested Jan. 18, 2024, in Rome, where they were living at the time. Volkov was later extradited to the United States and remains in custody in Indiana.

Volkov previously filed an intention to plead guilty in April in the U.S. District Court for the Eastern District of Pennsylvania and agreed to have their case transferred to the U.S. District Court for the Southern District of Indiana.

Volkov pleaded guilty to six charges Oct. 29, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud and conspiracy to commit money laundering. Court Watch was the first to report on Volkov’s guilty plea.

The plea agreement, which was filed Monday, did not include an agreed-upon sentence, but Volkov is required to pay a combined restitution of nearly $9.2 million to the seven victims. Volkov’s attorney did not respond to a request for comment.

You can read the full petition to enter a plea of guilty below.

The post Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks appeared first on CyberScoop.
