A Russian national has been sentenced to 81 months in prison for acting as an initial access broker for Yanluowang ransomware attacks, in a case that highlights how criminal access markets fuel major extortion campaigns . Prosecutors said the defendant targeted at least eight U.S. companies, sold stolen access to ransomware operators, and helped enable ransom demands that ranged from hundreds of thousands of dollars to millions.
Aleksey Olegovich Volkov, also known online as “chubaka.kor” and “nets,” pleaded guilty in November and admitted to hacking into corporate networks, stealing data, and passing that access along to the Yanluowang ransomware-as-a-service group . According to the report, the gang encrypted victims’ data, demanded payment in cryptocurrency, and shared the proceeds among participants.
The investigation was built from a wide set of digital evidence, including chat logs, stolen files, victims’ credentials, and records recovered after the FBI seized a server linked to the ransomware operation. Investigators also traced Volkov through Apple iCloud data, cryptocurrency exchange records, social media accounts, and other identifiers tied to his passport and phone number.
Court records showed that Volkov negotiated a share of ransom proceeds in exchange for delivering access to victim networks, and the FBI said his cut of collected ransoms reached $1.5 million. Prosecutors also noted that a screenshot recovered from his Apple account suggested a possible additional connection to the LockBit ransomware gang.
Volkov was extradited to the United States after being arrested in Italy in January 2024, and he now must pay more than $9 million in restitution to victims . The Justice Department said he agreed to cover at least $9,167,198.19 in losses and forfeit equipment used in the crimes, underscoring the financial damage caused by ransomware support roles beyond the attackers who deploy the malware .