U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages.
A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 and extradited, he pleaded guilty in November 2025.
“A court in the Southern District of Indiana today sentenced a Russian citizen, Aleksei Volkov, to 81 months in prison for assisting major cybercrime groups, including the Yanluowang ransomware group, in carrying out numerous attacks against U.S. companies and other organizations.” reads the press release published by DoJ. “Volkov facilitated dozens of ransomware attacks throughout the United States, causing over $9 million in actual losses and over $24 million in intended losses.”
Volkov was indicted in two U.S. districts, arrested in Rome, and extradited to the United States, where he pleaded guilty. Authorities say he worked as an “initial access broker,” breaking into corporate networks by exploiting vulnerabilities and selling that access to other cybercriminals, including ransomware groups, enabling further attacks.
The Russian national provided network access that his accomplices used to deploy ransomware, encrypt data, and disrupt operations. Victims were asked to pay large cryptocurrency ransoms to regain access and avoid data leaks. Some paid, others had their data exposed. Volkov received a share of the ransom profits.
“Volkov’s co-conspirators then used the access Volkov provided to infect the affected computer networks and systems with malware. This malware encrypted the victims’ data and prevented the victims from accessing it, damaging their business operations.” continues the press release. “The conspirators then demanded that the victims pay them a ransom in cryptocurrency — sometimes in the tens of millions of dollars — in exchange for restoring the victims’ access to the data and promising not to publicly disclose the hack or release victims’ stolen data on a “leak” website. “
Volkov pleaded guilty in November 2025 to multiple charges, including identity theft, fraud, and conspiracy, after cases were consolidated in Indiana. He admitted hacking networks, stealing data, deploying ransomware, and demanding millions in cryptocurrency. The group shared the profits, and Volkov agreed to pay over $9.1M in restitution and forfeit equipment used in the attacks.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
