Yanluowang ransomware access broker gets 81 months in prison

News

Featured
Latest

TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

Microsoft Azure Monitor alerts abused for callback phishing attacks

Crunchyroll probes breach after hacker claims to steal 6.8M users' data

Microsoft Exchange Online service change causes email access issues

Microsoft fixes bug causing Classic Outlook sync issues with Gmail

Zero Trust: Bridging the Gap Between Authentication and Trust

HackerOne discloses employee data breach after Navia hack

Infinite Campus warns of breach after ShinyHunters claims data theft

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityYanluowang ransomware access broker gets 81 months in prison

Yanluowang ransomware access broker gets 81 months in prison

By Sergiu Gatlan

March 24, 2026
09:06 AM
0

A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks.
As 26-year-old Aleksey Olegovich Volkov (also known online as "chubaka.kor" and "nets") admitted in his November guilty plea, he targeted at least eight companies across the United States between July 2021 and November 2022.
Volkov said that he breached corporate networks and sold that access to the Yanluowang ransomware-as-a-service (RaaS) operation, whose affiliates encrypted victims' data and sent ransom demands ranging from $300,000 to $15 million.
He was extradited to the U.S. after being arrested in Italy in January 2024. U.S. prosecutors charged him after the Yanluowang gang stole non-sensitive files from a Cisco employee's Box folder, but failed to encrypt systems and collect a ransom.
"As part of his plea, Volkov admitted that he and his co-conspirators hacked into numerous victims' computer networks, stole their data, deployed ransomware, demanded payment in cryptocurrency to exchange for restoring access to the data, and divided the ransom payments among themselves," the Justice Department said on Monday. 
As revealed in court documents, the FBI recovered chat logs, stolen data, victims' network credentials, and evidence that Yanluowang email accounts were used for ransom negotiations after seizing a server linked to the ransomware gang.
They also traced Volkov's identity through Apple iCloud data, cryptocurrency exchange records, and social media accounts (including a Twitter account) linked to his Russian passport and phone number.
The recovered chat logs showed Volkov negotiating deals with an accomplice for a percentage of the ransom payments in exchange for providing credentials to some of Yanluowang's victims' networks. The FBI said that Volkov's percentage of the collected ransoms reached $1.5 million.
According to an affidavit signed by FBI Special Agent Jeffrey Hunter, while reviewing documents obtained from Volkov's Apple account, the investigators also discovered a screenshot of a chat with a user named LockBit, suggesting an additional potential link to the notorious LockBit ransomware gang.
Volkov was sentenced to 81 months in prison after initially facing a maximum sentence of 53 years, and is required to pay over $9 million in restitution to the victims of the Yanluowang ransomware attacks.
"Volkov agreed to pay full restitution to victims including at least $9,167,198.19 to known victims to compensate them for their actual losses as well as to forfeit equipment he used for his crimes," the Justice Department added.

Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Download The Report

Related Articles:
How a Brute Force Attack Unmasked a Ransomware Infrastructure NetworkPhobos ransomware admin pleads guilty to wire fraud conspiracyEx-L3Harris exec jailed for selling zero-days to Russian exploit brokerInitial access hackers switch to Tsundere Bot for ransomware attacksRussian hackers exploit Zimbra flaw in Ukrainian govt attacks

Hacker
Hacking
IAB
Initial Access Broker
Prison
Ransomware
Russia
Yanluowang

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

Microsoft Azure Monitor alerts abused for callback phishing attacks

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

VoidStealer malware steals Chrome master key via debugger trick

Sponsor Posts

Overdue a password health-check? Audit your Active Directory for free

Overdue a password health-check? Audit your Active Directory for free

AI is a data-breach time bomb: Read the new report

Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast.

Are refund fraud methods targeting your brand? You can monitor the underground for these threats.

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

A 26-year-old Russian national, Aleksey Olegovich Volkov, also known as “chubaka.kor” and “nets,” received a sentence of 81 months in prison following a guilty plea related to his role as an initial access broker (IAB) for the Yanluowang ransomware operation. Volkov’s activities spanned from July 2021 to November 2022, during which he targeted at least eight companies within the United States. His operation involved breaching corporate networks and subsequently selling access to the Yanluowang RaaS group, which then executed ransomware attacks and demanded substantial ransom payments, ranging from $300,000 to $15 million.

The Justice Department’s investigation, spearheaded by the FBI, revealed a complex operation. The investigation uncovered evidence of Volkov’s direct involvement in compromising victim networks, stealing data, deploying ransomware, and negotiating ransom payments with affiliates. Specifically, he secured a percentage of the collected ransoms, amounting to $1.5 million. Investigators leveraged recovered digital evidence to trace Volkov's identity, utilizing data from Apple iCloud accounts, cryptocurrency exchange records, and social media activity—including a Twitter account linked to his Russian passport and phone number—to build a comprehensive case.

Crucially, the investigation revealed communication between Volkov and what appeared to be the LockBit ransomware gang through chat logs, suggesting a potential collaboration. The FBI’s discovery of chat logs, stolen data, network credentials, and ransom negotiation records, alongside the seizure of a server linked to the Yanluowang group, solidified the prosecution's case. The recovered materials provided a detailed account of the attacks and Volkov’s role within them and helped to identify the methods used by the ransomware gang.

Ultimately, Volkov was ordered to pay over $9 million in restitution to the victims, including $9,167,198.19 to known victims, and to forfeit equipment used in his criminal activities. This restitution aims to compensate the victims for their losses resulting from the ransomware attacks. The case highlights the increasingly sophisticated nature of ransomware operations, with IABs playing a critical role in facilitating attacks and disrupting security efforts. The protracted investigation, involving meticulous data analysis and digital forensics, underscored the challenges in combating these cybercrime schemes and effectively bringing perpetrators to justice.