US jails Russian national linked to ransomware crew behind bold breach of Cisco systems


A US court has sentenced a Russian citizen, Aleksei Volkov, to more than six years in prison for helping major cyber gangs, including the Yanluowang ransomware group behind the 2022 Cisco breach, to carry out numerous attacks against American companies and organizations.

According to the US Department of Justice (DoJ), Volkov facilitated dozens of ransomware attacks across the US, causing more than $9 million in actual losses and over $24 million in intended losses.

The 26-year-old Russian citizen will be imprisoned in America. After his arrest in Italy in January 2024, Volkov was extradited to the US to face charges. He pleaded guilty in November 2025 and will now spend 81 months in prison.

According to court documents, Volkov – who’s originally from St. Petersburg, Russia – was an initial access broker. This is someone who specializes in gaining unauthorized access to corporate and organizational networks and systems and selling that access to other cyber threat actors, such as ransomware groups.

According to the DoJ's press release, Volkov found vulnerabilities in computer networks and systems, identified ways to access those networks and systems without authorization, and sold that illicit access to conspirators who were also cybercriminals.

Volkov’s co-conspirators then used the access he provided to infect the affected computer networks and systems with malware. This malware encrypted victims’ data, preventing them from accessing it and damaging their business operations.

The conspirators then demanded a ransom payment in cryptocurrency – sometimes in the tens of millions of dollars – in exchange for restoring the victims’ access to the data and promising not to publicly disclose the hack or release victims’ stolen data.

“In some cases, the victims paid the ransom, and in others, the conspirators posted the victims’ confidential data on the leak site. If the victims paid the ransom, Volkov received a share of the money,” said the DoJ.

One of the ransomware groups Volkov assisted was the Yanluowang crew, which is now inactive. However, in 2022, the hackers successfully breached Cisco, a US tech giant, and leaked the stolen files on the dark web.

Cisco admitted the leaked files were authentic but said its operations weren’t affected, contradicting Yanluowang’s claims that the group had stolen as much as 55GB of data.

In Chinese mythology, Yanluo Wang is the god of death overseeing the “Ten Kings of Hell.” Given its Chinese name, one would assume the Yanluowang ransomware originates in China.

However, in late October of 2022, the chat logs of the Yanluowang operators were leaked, revealing that the malware originated with Russian-speaking individuals who intentionally masqueraded as Chinese operators to throw off analysts. The gang soon went dark.

