Key Findings

• 26-year-old Russian citizen Aleksei Olegovich Volkov sentenced to 81 months in prison for ransomware facilitation

• Volkov operated as initial access broker, providing unauthorized network access to ransomware groups including Yanluowang

• Facilitated dozens of attacks causing over $9 million in confirmed losses and $24 million in intended losses

• Arrested in Italy January 2024, extradited to U.S., pleaded guilty November 2025

• Must pay $9.1 million in restitution to victims and forfeit criminal tools

• Related charges brought against third BlackCat ransomware negotiator with $9.2 million in cryptocurrency seized

Background

Aleksei Volkov, operating under the alias "chubaka.kor," conducted his criminal operations between July 2021 and November 2022 from St. Petersburg, Russia. His arrest in Rome and subsequent extradition marked a significant effort by U.S. law enforcement to hold international cybercriminals accountable. The case exemplifies how modern ransomware operations rely on specialized roles within criminal networks, with initial access brokers serving as crucial links in the attack chain.

Role as Initial Access Broker

Volkov exploited vulnerabilities in corporate networks and used unauthorized methods to gain entry to computer systems belonging to various U.S. organizations. He then sold this network access to ransomware operators, including the Yanluowang group, who would deploy malware and conduct extortion campaigns. This business model allowed Volkov to profit without directly executing attacks or negotiating with victims.

Scale and Impact of Attacks

Prosecutors identified at least seven specific U.S. targets during the investigation period, including an engineering firm and a bank. Two victims paid combined ransom demands totaling $1.5 million. The Yanluowang group escalated pressure through distributed denial of service attacks and harassing phone calls after stealing data, demonstrating the evolution of ransomware tactics beyond simple encryption.

Financial Arrangement

Volkov received compensation through two mechanisms: flat fees for providing initial network access, or percentage cuts from ransom payments collected by his co-conspirators. This profit-sharing model incentivized him to identify high-value targets and maintain relationships with ransomware operators.

Criminal Charges and Sentencing

Volkov faced six federal charges consolidated from two jurisdictions: unlawful transfer of means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, and conspiracy to commit money laundering. His guilty plea agreement obligated him to pay full restitution to victims and forfeit equipment used in criminal activities.

Related Prosecutions

The Volkov case coincides with federal charges against Angelo Martino, a 41-year-old ransomware negotiator for DigitalMint who worked with the BlackCat ransomware gang. Authorities seized nearly $9.2 million in cryptocurrency from Martino's wallets across five different digital currencies, plus luxury vehicles and properties. Two other incident responders previously pleaded guilty to BlackCat affiliate roles. DigitalMint stated it terminated all employees involved and emphasized the actions violated company policy and ethical standards.

Sources

• https://thehackernews.com/2026/03/us-sentences-russian-hacker-to-675.html

• https://cyberscoop.com/aleksei-volkov-russian-initial-access-broker-sentenced-ransomware/

• https://securityaffairs.com/189900/cyber-crime/81-month-sentence-for-russian-hacker-behind-major-ransomware-campaigns.html

• https://takedowncyber.com/news/us-sentences-russian-hacker-to-675-years-for-role-in-9m-ransomware-damage

• https://www.cypro.se/2026/03/24/u-s-sentences-russian-hacker-to-6-75-years-for-role-in-9m-ransomware-damage/

• https://x.com/TheHackersNews/status/2036335046441968057