US Prisons Russian Access Broker for Aiding Ransomware Attacks

Summary

Aleksei Volkov, a 26-year-old Russian national, has been sentenced to 81 months in prison for serving as an initial access broker in Yanluowang ransomware attacks that caused over $9 million in victim losses. Volkov pleaded guilty in November 2025 and has agreed to pay $9 million in restitution; he was arrested by Italian police and extradited to the US. The Yanluowang group was active in 2021–2022 and notably targeted Cisco and other US financial organizations, with connections to UNC2447 and Lapsus$.

Full text

The US Justice Department announced this week that Russian national Aleksei Volkov has been sentenced to 81 months in prison for his role in ransomware attacks. Volkov, 26, has been accused of taking part in Yanluowang ransomware attacks that caused more than $9 million in losses — the cybercriminals attempted to extort $24 million in ransom from targeted organizations, the DOJ said. The man served as an initial access broker for the operation, gaining access to the targeted organizations’ systems and then handing over that access to other members of the operation, who specialized in malware deployment and data theft. Following his indictment, Volkov was arrested by Italian police in Rome and later extradited to the US to stand trial.Advertisement. Scroll to continue reading. The hacker pleaded guilty in November 2025, admitting that he and his co-conspirators hacked into company networks, stole data, deployed ransomware, and demanded a ransom payment. In addition to the prison sentence, the Russian national has agreed to pay more than $9 million in restitution to victims. The Yanluowang ransomware group was active in 2021 and 2022. It made headlines in late 2021 for targeting financial corporations and other types of organizations in the United States. One of the cybercrime gang’s most notable attacks was against Cisco. Information shared by the networking giant in mid-2022 attributed the attack to an initial access broker with ties to the Russia-linked threat actor UNC2447 and to Lapsus$. Related: Russian Ransomware Operator Pleads Guilty in US Related: Dutch Port Hacker Sentenced to Prison Related: 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Stryker Says Malicious File Found During Probe Into Iran-Linked AttackM-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 SecondsOracle Releases Emergency Patch for Critical Identity Manager VulnerabilityCritical Quest KACE Vulnerability Potentially Exploited in AttacksUS Confirms Handala Link to Iran Government Amid Takedown of Hackers’ SitesAisuru and Kimwolf DDoS Botnets Disrupted in International OperationMarquis Data Breach Affects 672,000 IndividualsCISA Warns of Attacks Exploiting Recent SharePoint Vulnerability Latest News HackerOne Employee Data Exposed in Massive Navia BreachDoE Publishes 5-Year Energy Security PlanWhy Agentic AI Systems Need Better Governance – Lessons from OpenClawPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorRSAC 2026 Conference Announcements Summary (Day 1)Extortion Group Claims It Hacked AstraZenecaChrome 146 Update Patches High-Severity VulnerabilitiesWebinar Today: Putting CIS Controls and Benchmarks into Practice Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveThe US Senate confirmed Markwayne Mullin as DHS Secretary.7AI has appointed Israel Barak as its first Chief Information Security Officer.Brian Harrell has been appointed Chief Security Officer at FirstEnergy.More People On The MoveExpert Insights Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Yanluowang