A 26-year-old Russian citizen, Aleksei Olegovich Volkov, has been sentenced in the United States to 6.75 years in prison for his involvement in facilitating ransomware attacks targeting U.S. organizations. Court records indicate that Volkov assisted multiple cybercrime groups, including the Yanluowang ransomware crew, in carrying out attacks that caused significant financial and operational damage. Prosecutors report that the attacks resulted in more than $9 million in actual losses and over $24 million in intended losses.
Crimes and Arrest
Volkov, also known by the alias “chubaka.kor”, is reported to have acted as an initial access broker. In this role, he allegedly obtained unauthorized access to corporate networks and systems, exploiting vulnerabilities or other methods, and then sold this access to criminal affiliates. Co-conspirators used the access to deploy malware that encrypted victims’ data, disrupted operations, and demanded ransom payments in cryptocurrency.
Authorities indicate that Volkov received a share of each ransom collected. Victims were sometimes threatened with public disclosure of stolen data if payments were not made. The FBI reportedly traced cryptocurrency transactions and communications between Volkov and co-conspirators to link him to multiple attacks. Volkov was arrested in Rome, Italy, on January 18, 2024, and subsequently extradited to the United States. He pleaded guilty to the charges in November 2025.
Guilty Plea and Sentencing
Volkov pleaded guilty to several charges, including unlawful transfer of identification data, trafficking in access information, access device fraud, aggravated identity theft, computer fraud, and conspiracy to commit money laundering. He has agreed to pay full restitution to the victims, totaling at least $9,167,198, and to forfeit the tools used in the attacks.
The court sentenced Volkov to 81 months in prison. While prosecutors described the financial impact of his actions and the broader threat posed by ransomware networks, the plea and sentence emphasize his role as an intermediary rather than the primary actor in the malware deployment.
Broader Ransomware Activity
Volkov’s case highlights the operational structure of ransomware networks, where brokers, negotiators, and malware operators each play distinct roles. Around the same time, U.S. authorities charged a third individual, Angelo Martino, for negotiating ransom payments on behalf of the BlackCat/ALPHV ransomware group. Martino reportedly controlled cryptocurrency wallets containing millions of dollars and had other assets seized. Two additional BlackCat affiliates, Ryan Clifford Goldberg and Kevin Tyler Martin, also pleaded guilty to related offenses in late 2025. Corporate statements from DigitalMint, the employer of some BlackCat affiliates, condemned the criminal conduct and confirmed that the individuals were terminated for violating company policies and ethical standards.
Conclusion
Volkov’s sentencing marks a continuation of legal action against individuals involved in facilitating ransomware operations. The case illustrates the roles brokers play in enabling cybercrime groups to execute attacks, the financial stakes involved, and the restitution and forfeiture measures applied to compensate victims. While legal authorities highlight the broader threat landscape, the proceedings provide a clear example of how access brokers can be held accountable for facilitating large-scale ransomware campaigns.
0 Comments