U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

Summary

Aleksei Olegovich Volkov, a 26-year-old Russian citizen, was sentenced to 81 months in prison for acting as an initial access broker who facilitated dozens of ransomware attacks by groups including Yanluowang, causing over $9 million in actual losses. Arrested in Italy in January 2024 and extradited to the U.S., Volkov pleaded guilty and agreed to pay full restitution of at least $9.17 million. The case also highlights charges against a third BlackCat ransomware negotiator, Angelo Martino, with authorities seizing nearly $9.2 million in cryptocurrency and luxury assets.

Full text

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage Ravie LakshmananMar 24, 2026Cybercrime / Network Security A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the U.S., causing more than $9 million in actual losses and over $24 million in intended losses. Volkov was arrested on January 18, 2024, in Italy and extradited to the U.S. to face charges. He pleaded guilty to the crimes in November 2025. Volkov is said to have served as an initial access broker responsible for obtaining unauthorized access to computer networks and systems belonging to various organizations and selling that access to other criminal groups, including ransomware actors. This was accomplished by exploiting vulnerabilities or finding ways to access the networks without authorization. "Volkov's co-conspirators then used the access Volkov provided to infect the affected computer networks and systems with malware," the DoJ said. "This malware encrypted the victims' data and prevented the victims from accessing it, damaging their business operations." "The conspirators then demanded that the victims pay them a ransom in cryptocurrency — sometimes in the tens of millions of dollars — in exchange for restoring the victims' access to the data and promising not to publicly disclose the hack or release victims’ stolen data on a 'leak' website." Every time a victim paid a ransom, Volkov received a share of the illicit proceeds. He was charged with unlawful transfer of a means of identification, trafficking in access information, access device fraud, and aggravated identity theft, in addition to two counts of computer fraud and conspiracy to commit money laundering. As part of the guilty plea, the defendant has agreed to pay full restitution to victims, including at least $9,167,198 to known victims to compensate them for their actual losses, along with forfeiting the tools used to pull off the crimes. U.S. Charges Third Ransomware Negotiator Linked to BlackCat Attacks The disclosure comes as U.S. prosecutors have charged a third individual with acting as a negotiator for the BlackCat (aka ALPHV) ransomware gang, helping the threat actors extort higher payouts from at least 10 victims. The 41-year-old man, Angelo Martino (previously identified only as "Co-Conspirator 1"), worked as a ransomware negotiator for DigitalMint. Authorities have confiscated nearly $9.2 million in five types of cryptocurrency (Bitcoin, Monero, Ripple, Solana, and Stellar) from 21 wallets controlled by Martino, in addition to seizing luxury vehicles and properties. He faces up to 20 years in prison. Two other incident responders, Ryan Clifford Goldberg and Kevin Tyler Martin, pleaded guilty to their roles as BlackCat affiliates in December 2025. In a statement shared with The Record, DigitalMint said the actions were in violation of the company's policy and ethical standards, and that it had terminated both Martino and Martin after their behavior came to light. "DigitalMint condemns these individuals' criminal behavior, which is a clear violation of our values, our ethical standards, and the law," it said. "Our firm and industry both exist to support organizations suffering from the impacts of a cyberattack, and this runs completely counter to what we stand for." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  cryptocurrency, Cybercrime, cybersecurity, data breach, identity theft, law enforcement, Malware, network security, ransomware Trending News FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Popular Resources Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA Guide - Discover How to Validate AI Risks With Adversarial Testing Get the 2026 ASV Report to Benchmark Top Validation Tools Fix Security Noise by Focusing Only on Validated Exposures

Indicators of Compromise

• malware — Yanluowang
• malware — BlackCat (ALPHV)