A Russian citizen who operated as an initial access broker for the Yanluowang ransomware group has been sentenced to 81 months (6.75 years) in U.S. federal prison, the Department of Justice announced on March 23, 2026. The defendant, Aleksei Olegovich Volkov, 26, also known online as chubaka.kor, was ordered to pay $9,167,198.19 in restitution to victims and will serve two years of supervised probation following his release.
Who Is Aleksei Volkov?
Volkov worked as what the cybersecurity industry calls an initial access broker (IAB) — a specialized criminal role that focuses on breaching corporate networks and then selling that unauthorized access to ransomware operators and other threat actors, rather than executing the full attack chain himself. Prosecutors described Volkov as particularly skilled at finding exploitable vulnerabilities in U.S. corporate networks, breaking in quietly, and auctioning off the "keys" to groups like Yanluowang.
Between July 2021 and November 2022, Volkov facilitated numerous ransomware attacks across the United States, targeting banks, telecommunications companies, and engineering firms in Pennsylvania, California, Michigan, Illinois, Georgia, and Ohio. Prosecutors calculated the attacks caused more than $9 million in actual losses and over $24 million in intended losses.
Arrest, Extradition, and Guilty Plea
After a multi-year FBI investigation, Volkov was arrested in Rome in January 2024 and subsequently extradited to the United States. On November 25, 2025, he pleaded guilty in two separate federal courts to a total of six counts:
- Southern District of Indiana: Unlawful transfer of a means of identification, trafficking in access information, access device fraud, and aggravated identity theft.
- Eastern District of Pennsylvania: Conspiracy to commit computer fraud and conspiracy to commit money laundering.
As part of his plea agreement, Volkov also agreed to the $9 million restitution order.
About Yanluowang Ransomware
The Yanluowang ransomware group, which Volkov supplied with corporate access, is a sophisticated threat actor first observed in 2021. The group is best known for employing "triple extortion" tactics: encrypting victim data, threatening public data leaks, and simultaneously launching distributed denial-of-service (DDoS) attacks against victims who refused to pay. It also placed threatening calls to employees and business partners.
Yanluowang previously claimed responsibility for a 2022 breach of Cisco's corporate network, which Cisco confirmed involved the compromise of an employee's personal Google account that synced corporate credentials.
Broader Law Enforcement Context
The sentencing of Volkov is part of a broader U.S. government push to prosecute every link in the ransomware supply chain — not just the operators who deploy ransomware, but also the access brokers, money launderers, and cryptocurrency cashers who make the ecosystem function. Initial access brokers are increasingly targeted by Western law enforcement because disrupting access sales upstream can prevent attacks before they begin.
The case was investigated by the FBI's Indianapolis and Philadelphia field offices, with assistance from Italian law enforcement authorities that facilitated Volkov's arrest and extradition.