Full Report
A federal court in Indiana sentenced a Russian cybercriminal to 81 months in prison on charges related to his role as an initial access broker for ransomware groups. Aleksei Volkov, 26, of St. Petersburg, Russia, pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other […] The post Russian access broker sentenced to over 6 years in prison for ransomware schemes appeared first on CyberScoop.
Analysis Summary
# Threat Actor: Aleksei Volkov (chubaka.kor)
## Attribution & Identity
* **Name:** Aleksei Volkov
* **Aliases:** chubaka.kor
* **Origin:** St. Petersburg, Russia
* **Known Associations:** Yanluowang ransomware group; various other cybercriminal organizations.
* **Status:** Sentenced to 81 months in federal prison (U.S.) following extradition from Rome, Italy.
## Activity Summary
Volkov operated as a prolific **Initial Access Broker (IAB)** between July 2021 and November 2022. He specialized in the "pre-attack" phase of ransomware operations, performing the breach and selling network entry to high-level ransomware affiliates. The attacks he facilitated resulted in over $9 million in actual victim losses and attempted losses exceeding $24 million.
## Tactics, Techniques & Procedures
* **Initial Access Brokerage:** Identifying and exploiting vulnerabilities in corporate networks to gain persistence.
* **Vulnerability Exploitation:** Probing perimeter defenses and exploiting software flaws.
* **Monetization Models:**
  * Flat-fee sales of network credentials/access.
  * Percentage-based commissions from successful ransom payments (affiliate model).
* **Identity Theft:** Trafficking in access information and unlawful transfer of identification means.
* **Multi-Extortion (Associated Group TTPs):** While Volkov provided access, the Yanluowang group he supported used:
  * **Data Theft/Leak Sites:** Shaming victims by publishing stolen data.
  * **Harassment:** Making threatening/harassing phone calls to victim employees.
  * **DDoS:** Launching Distributed Denial of Service attacks to pressure victims during negotiations.
## Targeting
* **Sectors:**
  * Engineering
  * Banking/Financial Services
  * General Corporate Infrastructure
* **Geography:** Primarily the United States (including Indiana, where the case was prosecuted, and other jurisdictions).
* **Victims:** At least seven specific U.S. businesses were identified in the prosecution; two of these victims paid $1.5 million in total.
## Tools & Infrastructure
* **Malware Families:** Yanluowang Ransomware (facilitated deployment).
* **Infrastructure:**
  * Leak websites (used by co-conspirators for data shaming).
  * Compromised access devices and identification means.
## Implications
Volkov’s case highlights the professionalization of the ransomware supply chain. The role of the Initial Access Broker (IAB) lowers the barrier to entry for ransomware gangs, allowing them to focus on extortion while outsourcing the technical difficulty of the initial breach. His sentencing represents a significant disruption to a key "middleman" who bridged the gap between raw vulnerabilities and large-scale extortion events.
## Mitigations
* **Vulnerability Management:** Prioritize patching of internet-facing assets to prevent IABs from gaining the "initial access" they sell.
* **Multi-Factor Authentication (MFA):** Implement robust MFA across all remote access points (VPN, RDP, Cloud Portals) to neutralize stolen credentials sold by brokers.
* **Endpoint Detection and Response (EDR):** Deploy EDR tools to identify the lateral movement and "hands-on-keyboard" activity typical of brokers during the discovery phase.
* **Dark Web Monitoring:** Monitor criminal forums for mentions of corporate domains or leaked credentials that indicate an IAB is "parking" on or selling access to the network.