
Former incident responders sentenced to 4 years in prison for committing ransomware attacks

30 April 2026 at 19:29

Two former cybersecurity professionals who moonlighted as cybercriminals, committing a series of ransomware attacks in 2023, were each sentenced to four years in prison, the Justice Department said Thursday.

Ryan Clifford Goldberg and Kevin Tyler Martin previously pleaded guilty to one of three charges brought against them in December and faced up to 20 years behind bars. 

Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with Angelo John Martino III to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.

“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” Jason A. Reding Quiñones, U.S. attorney for the Southern District of Florida, said in a statement. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”

Victims impacted by the attacks Goldberg and Martin participated in over a six-month period in 2023 included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor’s office, an engineering company based in California and a drone manufacturer in Virginia. 

“They harmed important firms who were providing medical and engineering services. They played hardball with them, going so far as to cause the leak of patient data from a doctor’s office victim,” A. Tysen Duva, assistant attorney general of the Justice Department’s criminal division, said in a statement.

“These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed. Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others,” Duva added.

Goldberg and Martin received identical sentences for their crimes, despite significant differences surrounding their initial arrests. Martin was arrested without incident in October and freed on bond later that month.

Goldberg fled the country in June, 10 days after he was interviewed by the FBI. He was arrested Sept. 22 and ordered to remain in custody pending trial due to flight risk. 

Goldberg and his wife boarded a one-way flight to Paris from Atlanta on June 27 and remained in Europe until Sept. 21. When Goldberg flew directly from Amsterdam to Mexico City, he was arrested upon landing and deported to the United States.

“When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement.

The cases against Goldberg, Martin and their co-conspirator Martino showcase an extreme, albeit rare, example of the dark underbelly of ransomware negotiation as a practice. The pitfalls of ransomware negotiation are excessive and these backchannel negotiations, which remain largely unscrutinized, can go awry for various reasons.

Goldberg, 40, and Martin, 36, extorted a $1.3 million ransom payment from the medical company with Martino in May 2023, but did not receive ransom payments from their other victims.

Martino’s ransomware scheme went much further and caused significantly more damage, helping accomplices extort a combined $75.3 million in ransom payments. Five of Martino’s victims hired DigitalMint, which assigned the 41-year-old to conduct ransomware negotiations on their clients’ behalf — a rare position he exploited to play both sides.

He pleaded guilty earlier this month to sharing confidential information about victim organizations’ internal negotiating positions and insurance policy limits he gained from his work as a ransomware negotiator to extract the maximum ransom payment for himself and other BlackCat affiliates.

The five U.S.-based victims that hired DigitalMint and unwittingly tapped Martino to allegedly conduct ransomware negotiations with himself and his co-conspirators include a nonprofit and companies in the hospitality, financial services, retail and medical industries. All five of those victims paid a ransom.

Martino surrendered in March to the U.S. Marshals in Miami and was released on a $500,000 bond. He faces up to 20 years in federal prison and is scheduled for sentencing July 9.

Sygnia and DigitalMint are not accused of any knowledge or involvement in the crimes, and both previously said they fired their former employees once federal authorities alerted the companies to their alleged crimes. 

ALPHV/BlackCat was a notorious ransomware and extortion group linked to a series of attacks on critical infrastructure providers. The ransomware variant first appeared in late 2021, and was later used in dozens of attacks on organizations in the health care sector.

The group behind the ransomware strain also claimed responsibility for the February 2024 attack on UnitedHealth Group subsidiary Change Healthcare, which paid a $22 million ransom and became the largest health care data breach on record, compromising data on about 190 million people.

The post Former incident responders sentenced to 4 years in prison for committing ransomware attacks appeared first on CyberScoop.

Former DigitalMint ransomware negotiator pleads guilty to extortion scheme

21 April 2026 at 17:03

A South Florida man pleaded guilty to conspiring with multiple ransomware affiliates to commit attacks against and extort payments from the same U.S. companies he represented as a ransomware negotiator for DigitalMint in 2023, the Justice Department said Monday.

Angelo John Martino III shared confidential information about victim organizations’ internal negotiating positions and insurance policy limits he gained from his work as a ransomware negotiator to extract the maximum ransom payment for himself and other BlackCat affiliates, according to his plea agreement.

Five of Martino’s victims hired DigitalMint, which assigned the 41-year-old to conduct ransomware negotiations on their clients’ behalf — a rare position he exploited to play both sides. DigitalMint, which is not accused of any knowledge or involvement in the crimes, fired Martino the day after the Justice Department informed the company they were investigating him in April 2025. 

The five U.S.-based victims that hired DigitalMint and unwittingly tapped Martino to allegedly conduct ransomware negotiations with himself and his co-conspirators include a nonprofit and companies in the hospitality, financial services, retail and medical industries. All five of those victims paid a ransom.

Prosecutors previously said Martino helped accomplices extort a combined $75.3 million in ransom payments, including a nearly $26.8 million payment from the unnamed nonprofit, and a nearly $25.7 million payment from the unnamed financial services company. 

Martino also admitted to conspiring with Kevin Tyler Martin, another former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former manager of incident response at Sygnia, to deploy BlackCat ransomware, also known as ALPHV, against five additional U.S. companies between April and November 2023. 

Goldberg and Martin pleaded guilty in December to participating in a series of ransomware attacks and are scheduled for sentencing April 30.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” A. Tysen Duva, assistant attorney general at the Justice Department’s Criminal Division, said in a statement. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.”

The case against Martino showcases an extreme, albeit rare, example of the dark underbelly of ransomware negotiation as a practice. The pitfalls of ransomware negotiation are excessive and these backchannel negotiations, which remain largely unscrutinized, can go awry for various reasons. 

Officials shared a series of chats Martino held with co-conspirators and his victims that exemplify the lengths he went to betray DigitalMint’s clients and empower his accomplices with crucial tips for a successful negotiation strategy.

DigitalMint did not respond to a request for comment on Martino’s guilty plea.

Negotiation chats exemplify Martino’s crimes

During an incident response with one of his victims, Martino told a BlackCat affiliate the company’s insurance carrier “was only approving small accounts,” according to his plea agreement. “Keep denying our offers and I will let you know once I find out the max the[y] want to pay,” he added.

“We don’t know how you came up with your demand but we are losing money operationally and all of our loans are going to turnover on us this year at double the interest rates,” Martino said in a negotiation chat visible to DigitalMint and the victim organization in the hospitality industry. “We are able to give you $1 million now, which is a very serious offer.”

Following Martino’s instructions, the BlackCat accomplice responded: “Well, you can keep that for the penalties and lawsuits which are coming your way in case we expose you. Time is ticking — we know how much you can pay. Contact your insurance. We know about them also. Stop wasting time.”

That victim company ultimately paid a ransom worth nearly $16.5 million at the time to receive a decryptor and the BlackCat affiliate’s commitment to not publish stolen data. The two other victims Martino represented via DigitalMint at the time paid $6.1 million and $213,000 ransoms for similar commitments.

“Ransomware victims turned to this defendant for help, and he sold them out from the inside,” Jason A. Reding Quiñones, U.S. attorney for the Southern District of Florida, said in a statement.

Martino received a portion of the ransomware payments for his involvement in the conspiracy.

Authorities have seized $10 million in assets and cryptocurrency wallets controlled by Martino. Law enforcement seized multiple vehicles, a food truck and a 29-foot luxury fishing boat that he obtained using proceeds from his crimes.

Officials also seized two properties owned by Martino in Nokomis, Florida, including a bayfront home with an estimated value of $1.68 million and a second single-family home with an estimated value of $396,000. 

Martino surrendered in March to the U.S. Marshals in Miami and was released on a $500,000 bond.

“The FBI works every day to dismantle the ransomware ecosystem,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement. “That includes apprehending key facilitators like Angelo Martino, who abused the trust placed in him as a private sector negotiator by collaborating with ransomware criminals.”

ALPHV/BlackCat was a notorious ransomware and extortion group linked to a series of attacks on critical infrastructure providers. The ransomware variant first appeared in late 2021, and was later used in dozens of attacks on organizations in the health care sector.

The group behind the ransomware strain also claimed responsibility for the February 2024 attack on UnitedHealth Group subsidiary Change Healthcare, which paid a $22 million ransom and became the largest health care data breach on record, compromising data on about 190 million people.

Martino pleaded guilty to conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He faces up to 20 years in federal prison and is scheduled for sentencing July 9.

You can read Martino’s plea agreement below.

The post Former DigitalMint ransomware negotiator pleads guilty to extortion scheme appeared first on CyberScoop.

Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety

21 April 2026 at 14:51

A core leader of the hacker subset of The Com responsible for a series of high-profile phishing attacks and cryptocurrency thefts from September 2021 to April 2023 pleaded guilty to federal charges, the Justice Department said Friday. 

Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. The 24-year-old was arrested by Spanish police in Palma in 2024 as he attempted to board a charter flight to Naples, Italy. 

Buchanan has been in federal custody since April 2025 and faces up to 22 years in federal prison at his sentencing, which is scheduled for August 21. 

The British national and his co-conspirators, including Noah Michael Urban, who was sentenced to a 10-year federal prison sentence last year, harvested thousands of credentials via phishing and stole more than $8 million in cryptocurrency from U.S. residents via SIM-swapping attacks.

Victims included high net worth individuals and businesses in the entertainment, telecom, technology, business process outsourcing, IT, cloud and virtual currency sectors, officials said.

Buchanan and his co-conspirators were part of an aggressive subset of The Com coined Scattered Spider. While The Com and its offshoots don’t operate with formal leaders in the traditional sense, Buchanan played a crucial role in the operation, according to Allison Nixon, chief research officer at Unit 221B.

“[Buchanan] was the glue that held this gang together. His success at wiping out victims’ savings made him a target for both law enforcement and rival Com gangs,” Nixon told CyberScoop.

“[Buchanan] is part of an older generation that came from certain toxic gaming servers before the pandemic. People from this generation learned hacking in order to steal vanity usernames and bully kids before using it to steal peoples’ savings,” she added.

Federal authorities filed charges against five individuals with links to the Scattered Spider cybercrime outfit in 2024. Buchanan and Urban’s alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo and Joel Martin Evans — still face charges in the case, officials said. 

Nixon lauded law enforcement for acting decisively to arrest Buchanan during a brief window of opportunity while he was traveling internationally. 

“Com members are obsessed with private jets and foreign vacations, and the feds took that dream away with one arrest,” she said. 

The tactic, which U.S. officials also use against Russian cybercriminals, works because most countries are willing to support the arrest of foreign criminals, thereby keeping them out of their respective jurisdictions, Nixon said.

“As a foreigner, he was caught in a weaker legal position than if he was arrested at home, and cases following this tactic tend to have very long sentences,” she added. “The takeaway for Com members watching this case is that criminal foreigners associated with violence are the lowest class in every country. And that’s what Com members are when they travel.”

The Justice Department said Buchanan and his co-conspirators defrauded at least a dozen companies and their employees throughout the United States. A digital device police found at his residence in April 2023 contained personal data on numerous individuals and victim companies, according to his plea agreement.

It’s unclear what transpired between that search in April 2023 in Scotland and his June 2024 arrest at a resort city on the Spanish island of Mallorca. Moreover, his plea agreement doesn’t include the entirety of his alleged crimes. 

Buchanan attracted a lot of attention and successfully coordinated many attacks before a rival Com gang allegedly broke into his home and used a blowtorch on him to extract crypto keys in his possession, according to Nixon. 

Following his arrest, Spanish police said Buchanan had gained control of bitcoin worth more than $27 million at that time. 

While early leaders of Scattered Spider have been arrested or sentenced for their crimes, others have filled those roles with even more exceptional impact. 

The Com has grown to thousands of members, typically between 11 and 25 years old, splintered into three primary subsets the FBI describes as Hacker Com, In Real Life Com and Extortion Com.

Criminal acts committed by these multiple, interconnected networks include swatting, extortion and sextortion of minors, production and distribution of child sexual abuse material, violent crime and various other cybercrimes. 

You can read the indictment against Buchanan and some of his co-conspirators below.

The post Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety appeared first on CyberScoop.

Third US Security Expert Admits Helping Ransomware Gang

21 April 2026 at 10:44

Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator.

The post Third US Security Expert Admits Helping Ransomware Gang appeared first on SecurityWeek.

British Scattered Spider Hacker Pleads Guilty in the US

20 April 2026 at 08:21

Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals.

The post British Scattered Spider Hacker Pleads Guilty in the US appeared first on SecurityWeek.

Trio sentenced for facilitating North Korean IT worker scheme from their homes

20 March 2026 at 14:17

Three American men were sentenced Friday for crimes they committed in furtherance of North Korea’s vast scheme to get operatives hired at U.S. companies, the Justice Department said.

The trio — Audricus Phagnasay, 25, Jason Salazar, 30, and Alexander Paul Travis, 35 — pleaded guilty in November to wire fraud conspiracy for providing U.S. identities to remote North Korean IT workers.

They hosted U.S. company-provided laptops at their homes and installed remote-access software so North Korean operatives could appear to be working in the country. The group also helped remote IT workers pass employer vetting and, in the case of Travis and Salazar, took drug tests on behalf of the North Koreans, prosecutors said.

Travis, an active-duty member of the U.S. Army at the time, received about $51,000 from the scheme. He was sentenced to one year in prison and ordered to forfeit about $193,000.

Phagnasay and Salazar pocketed about $3,500 and $4,500, respectively, and were both sentenced to three years of probation and a $2,000 fine. A federal court ordered Salazar to forfeit about $410,000 and ordered Phagnasay to forfeit nearly $682,000.

“These men practically gave the keys to the online kingdom to likely North Korean overseas technology workers seeking to raise illicit revenue for the North Korean government — all in return for what to them seemed like easy money,” Margaret Heap, U.S. attorney for the Southern District of Georgia, said in a statement. 

“These schemes present a significant challenge to our national security, and we applaud our investigative partners working to secure our digital borders,” Heap added.

The trio facilitated about $1.28 million in salary from victim U.S. companies from September 2019 through November 2022. Yet, the financial cuts for their assistance were relatively low.

Officials’ countermeasures to these schemes, which ultimately launder ill-gotten money to North Korea’s government, involve the targeting of U.S.-based facilitators who provide forged or stolen identities and laptop farms for North Korean operatives, and the seizure of cryptocurrency linked to theft. 

Law enforcement wins on both fronts are stacking up, but researchers warn that North Korea’s operation is massive in scale and consistently evolving.

Microsoft Threat Intelligence earlier this month warned that North Korean threat groups are using artificial intelligence tools to accelerate and expand the country’s scheme – automating and improving efforts across the attack lifecycle.

The post Trio sentenced for facilitating North Korean IT worker scheme from their homes appeared first on CyberScoop.

Phobos ransomware leader pleads guilty, faces up to 20 years in prison

5 March 2026 at 12:59

Russian national Evgenii Ptitsyn pleaded guilty to running the Phobos ransomware outfit that extorted more than $39 million from more than 1,000 victims globally, the Justice Department said Wednesday.

Ptitsyn assumed a leadership role in the Phobos ransomware group in January 2022, yet his criminal activities began by April 2019, according to court records. He continued leading the cybercrime syndicate until May 2024 when he was arrested in South Korea. Ptitsyn was extradited to the United States in November 2025.

Federal prosecutors dropped multiple charges against Ptitsyn as part of a plea agreement he signed last month. He faces up to 20 years in prison for wire fraud conspiracy.

Ptitsyn agreed to forfeit $1.77 million in assets and is required to pay at least $39.3 million in restitution, representing the full amount of his victims’ losses.

The 43-year-old pleaded guilty to engaging in a global ransomware scheme with co-conspirators beginning in November 2020. Ptitsyn and alleged associates distributed Phobos ransomware to other co-conspirators who broke into victim networks, often with stolen credentials, to steal and encrypt data, which they used to extort victims for payment.

Phobos ransomware administrators operated a site to coordinate the sale and distribution of Phobos ransomware to co-conspirators. Affiliates who successfully attacked victims with the ransomware paid $300 to administrators for a unique decryption key.

Ptitsyn controlled multiple cryptocurrency wallets that received thousands of decryption key fees from affiliates who used Phobos to extort victims. He received 25% of the decryption key payment and sometimes received a portion of ransomware payments. 

“Ptitsyn and others were responsible for dozens of ransomware attacks against U.S. victims, including health care companies, hospitals, educational institutions, and providers of essential services,” federal prosecutors said in a stipulation of facts in his plea agreement. 

Phobos ransomware victims paid a collective amount of $30 million in ransoms, based on the value at the time of payment, according to court records. Victims also suffered losses of at least $9.3 million from Phobos ransomware attacks, including a U.S. educational institution that reported losses exceeding $4 million. 

“Ptitsyn and other members of the Phobos ransomware conspiracy launched ransomware attacks against more than 1,000 victims around the world, including at least 890 victims located in the United States,” prosecutors said.

Officials provided details about 15 unnamed U.S. victims that paid a combined $536,000 in ransoms at the time of payment. Victims included a Maryland-based company that provided accounting and consulting services to federal agencies, an Illinois-based contractor for the Departments of Defense and Energy, and a children’s hospital in North Carolina.

You can read the facts entered into court records as part of Ptitsyn’s plea agreement below.

The post Phobos ransomware leader pleads guilty, faces up to 20 years in prison appeared first on CyberScoop.

Leader of ransomware crew pleads guilty to four-year crime spree

22 January 2026 at 15:19

A Russian national pleaded guilty to leading a ransomware conspiracy that targeted at least 50 victims during a four-year period ending in August 2022. 

Ianis Aleksandrovich Antropenko began participating in ransomware attacks before moving to the United States, but conducted many of his crimes while living in Florida and California, where he’s been out on bond enjoying rare leniency since his arrest in 2024.

Antropenko pleaded guilty in the U.S. District Court for the Northern District of Texas earlier this month to conspiracy to commit money laundering and conspiracy to commit computer fraud and abuse. He faces up to 25 years in jail, fines up to $750,000 and is ordered to pay restitution to his victims and forfeit property.

Federal prosecutors reached a plea agreement with Antropenko after a years-long investigation, closing one of the more unusual cases against a Russian ransomware operator who committed many of his crimes while living in the U.S.

While most cybercriminals, especially those involved in ransomware, are held in jail pending trial because of a flight risk, Antropenko was granted bail the day of his arrest. 

This rare flash of deferment in a case involving a prolific cybercriminal is even more shocking considering his multiple run-ins with police since then. Antropenko violated conditions for his pretrial release at least three times in a four-month period last year, including two arrests in Southern California involving dangerous behavior while under the influence of drugs and alcohol.

As part of his plea agreement, Antropenko recognized that pleading guilty could impact his immigration status since the crimes he committed are removable offenses. 

Court records don’t indicate if Antropenko has been detained pending sentencing, and his sentencing hasn’t been scheduled. His attorney and federal prosecutors working on his case did not respond to requests for comment. 

Antropenko admitted to leading the ransomware conspiracy with the aid of multiple co-conspirators, including some who lived outside the U.S.

His ex-wife, Valeriia Bednarchik, was previously implicated by the FBI and prosecutors as one of his alleged co-conspirators involved in the laundering of ransomware proceeds. 

FBI investigators traced Antropenko’s activities via accounts he held at Proton Mail, PayPal and Bank of America, and accounts he and Bednarchik controlled at Binance and Apple. In Bednarchik’s iCloud account, agents found a seed phrase for a crypto wallet that had received over 40 Bitcoin from Antropenko’s accounts, as well as evidence she had agreed to safeguard a disguised copy of this phrase so the funds could be accessed if Antropenko became unavailable. Her account also contained joint tax returns with Antropenko and photos showing large amounts of U.S. cash.

Bednarchik, who also lives in Southern California, has been identified as Antropenko’s unnamed co-conspirator through court documents and public records. While authorities previously indicated they plan to bring charges against her, no cases are currently pending.

Antropenko, who previously pleaded not guilty to the charges in October 2025, used multiple ransomware variants to commit attacks, including Zeppelin and GlobeImposter. The ransomware operation he led caused losses of at least $1.5 million to victims, according to court records.

Yet, the spoils of his crimes appear to be much greater. The Justice Department seized more than $2.8 million in cryptocurrency, nearly $71,000 in cash and two luxury vehicles from Antropenko in February 2024. Authorities seized an additional $595,000 in cryptocurrency from a wallet Antropenko owned in July 2025.

You can read the statement of facts and plea agreement below.

The post Leader of ransomware crew pleads guilty to four-year crime spree appeared first on CyberScoop.

Leader of 764 offshoot pleads guilty, faces up to 60 years in jail

22 December 2025 at 15:00

A 19-year-old man from San Antonio pleaded guilty Friday to multiple crimes involving the sexual exploitation of children while acting as an administrator and leader of 8884, a splinter group of the violent extremist collective known as 764.

Alexis Aldair Chavez faces up to 60 years in prison for racketeering, distribution and possession of child sexual abuse material (CSAM). He was arrested and has been detained without bail since October 2024.

Chavez began associating with 764 as a minor in 2022 when a co-conspirator introduced him to 7997, one of many 764 offshoots affiliated with The Com. Authorities describe The Com as a sprawling nihilistic violent extremist network of thousands of people, typically between 11 and 25 years old, engaged in a growing online threat to coerce vulnerable children to produce CSAM of themselves, gore material, self mutilation, sibling abuse, animal abuse and other acts of violence.

“Chavez led a group of online predators whose ultimate purpose is to destroy our society,” Sue Bai, principal deputy assistant attorney general for national security, said in a statement. “They tried to achieve that heinous goal by desensitizing innocent children to violence — coercing them to perform gruesome and harmful acts against themselves and animals — with the hope of encouraging further violence and spreading chaos.”

Prosecutors said Chavez “earned the right” to participate in 7997 chat rooms by killing his cat and posting a video of the crime for others to view. He later groomed multiple victims to blackmail and coerce additional victims, all to increase reputation within the group’s ranks, according to federal court records.

Chavez attempted to coerce a girl to commit suicide and blackmailed another girl into self-mutilation, animal torture and illicit content production in late 2023. He later worked with multiple co-conspirators and blackmailed some of his victims to coerce other girls to degrade themselves on camera and produce CSAM.

The indictment filed against Chavez in the U.S. District Court for the Western District of Texas details a series of horrifying crimes he committed with co-conspirators and some of his victims. 

Separately, Chavez coerced multiple minors to harm themselves or engage in various acts of depravity on video chats in the 8884 channel.

“The depraved acts described in the indictment are very normal for these people,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop. 

Nixon, who has studied domestic and English-speaking cybercrime and tracked its rise for more than a decade, said 764 is a “very important tar pit for certain rare, risky personalities” that is likely worthy of scientific study. 

“8884 and 7997 are part of a homogenous 764 copycat soup. All of these groups start to blend together,” she said. “Most of these actors are motivated by attention seeking, and their culture is based on competing to be the worst. Ironically, they all end up being the same.”

When the FBI executed a search warrant at Chavez’s residence in July 2024, prosecutors said he came out the backdoor and threw his phone over a neighbor’s fence in an attempt to hide evidence.

Chavez’s guilty plea follows a year of heightened law enforcement activity, which has netted arrests of multiple alleged 764 leaders and members.

Two alleged leaders of 764, Leonidas Varagiannis and Prasan Nepal, were arrested and charged for directing and distributing CSAM in April. The two men are accused of exploiting at least eight minor victims, some as young as 13 years old, and face charges that carry a maximum penalty of life in prison.

Baron Cain Martin, of Tucson, Arizona, allegedly joined the child sextortion ring as early as 2019, eventually acting as a leader until his arrest late last year. Martin faces 29 charges and, if convicted, up to life in prison.

Tony Christopher Long, of California, pleaded not guilty last month to multiple charges carrying a maximum penalty up to 69 years in prison related to his alleged involvement in the nihilistic violent extremist group. 

Erik Lee Madison, of Maryland, was arrested in November and is accused of victimizing at least five children this fall, including one as young as 13 at the time. His alleged criminality dates back to 2020 when he was a minor.

“All of the 764 cases I’ve seen presented by law enforcement have been high quality and successful, and I hope this work can continue,” Nixon said.

Chavez’s sentencing is set for March 25, 2026. You can read the full indictment below.

The post Leader of 764 offshoot pleads guilty, faces up to 60 years in jail appeared first on CyberScoop.

Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks

7 November 2025 at 16:14

A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison.

Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms. 

The victims, which included an engineering firm and a bank, said executives received harassing phone calls and their networks were hit with distributed denial of service attacks after their data was stolen and encrypted by Yanluowang ransomware operators. 

Cisco wasn’t named in the court filings for Volkov’s case, but the enterprise networking and security vendor said it was impacted by an attack attributed to Yanluowang ransomware in May 2022. Cisco linked the attack to an initial access broker who had ties to UNC2447, Lapsus$ and Yanluowang ransomware operators. 

Volkov identified targets, exploited vulnerabilities in their systems, and shared access with co-conspirators for a flat fee or percentage of the ransom paid by the victim, according to prosecutors.

Some of Volkov’s alleged victims were unable to function normally without access to their data and had to temporarily shut down operations in the wake of the attacks. Prosecutors said the total amount demanded in ransoms from all seven victims was $24 million.

The FBI said it traced cryptocurrency transactions related to the payments to accounts reportedly owned by Volkov and a co-conspirator, “CC-1,” who was residing in Indianapolis at the time. 

Blockchain analysis allowed the FBI to confirm Volkov’s identity and uncover multiple accounts they used to communicate with co-conspirators about ransomware attacks, payments and splitting illicit proceeds from their criminal activities, according to court records.

Volkov, who is also identified as Aleskey Olegovich Volkov in the unsealed indictment, was arrested Jan. 18, 2024, in Rome, where they were living at the time. Volkov was later extradited to the United States and remains in custody in Indiana.

Volkov previously filed an intention to plead guilty in April in the U.S. District Court for the Eastern District of Pennsylvania and agreed to have their case transferred to the U.S. District Court for the Southern District of Indiana.

Volkov pleaded guilty to six charges Oct. 29, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud and conspiracy to commit money laundering. Court Watch was the first to report on Volkov’s guilty plea. 

The plea agreement, which was filed Monday, did not include an agreed upon sentence, but Volkov is required to pay a combined restitution of nearly $9.2 million to the seven victims. Volkov’s attorney did not respond to a request for comment. 

You can read the full petition to enter a plea of guilty below.

The post Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks appeared first on CyberScoop.
