Russian Hacker Jailed for 81 Months Over $9M Ransomware Attacks

A tribunal successful the Southern District of Indiana sentenced Russian national Aleksei Volkov, 26, to 81 months successful situation Monday for assisting large cybercrime groups including the Yanluowang ransomware radical successful attacks that caused implicit $9 cardinal successful existent losses and implicit $24 cardinal successful intended losses crossed the United States.

Volkov, of St. Petersburg, Russia, operated arsenic an "initial entree broker"—a specializer who gains unauthorized entree to firm networks and sells that entree to different menace actors, according to court documents. His buyers utilized the entree to deploy ransomware that encrypted victims' data, past demanded cryptocurrency payments—"sometimes successful the tens of millions of dollars"—in speech for restoring entree and not publishing stolen information connected leak sites.

On November 25, 2025, Volkov pleaded blameworthy to 4 counts from the Southern District of Indiana indictment—unlawful transportation of a means of identification, trafficking successful entree information, entree instrumentality fraud, and aggravated individuality theft—plus 2 counts from the Eastern District of Pennsylvania indictment for conspiracy to perpetrate machine fraud and conspiracy to perpetrate wealth laundering. Police successful Rome, Italy, had arrested Volkov earlier his extradition to the United States.

As portion of his plea agreement, Volkov admitted that helium and co-conspirators "demanded tens of millions of dollars successful ransom and received millions," with Volkov receiving a stock of cryptocurrency ransom payments. The tribunal ordered him to wage afloat restitution including astir $9.2 cardinal to known victims and to forfeit instrumentality utilized successful his crimes.

Ransomware and crypto

Ransomware, often leveraging cryptocurrency for payment, remains a situation for the crypto space. Per Chainalysis’ 2026 Crypto Crime Report, on-chain ransomware payments totaled $820 cardinal successful 2025, down 8% year-on-year, portion claimed attacks accrued by 50% and the median ransom outgo grew 368% year-over-year to astir $60,000.

In caller months, ransomware developers person turned to blockchain smart contracts as a organisation channel, including the DeadLock ransomware strain that leverages Polygon astute contracts for proxy server code rotation and distribution, and EtherHiding, which targets BNB Smart Chain and Ethereum astute contracts.