Security News

Cybersecurity news aggregator

HIGH Attacks Infosecurity Magazine

Russian Initial Access Broker Handed 81-Month Sentence

This article details the conviction of an initial access broker (IAB), a threat actor who specializes in hacking into victim networks to sell that unauthorized access to ransomware groups, thereby accelerating the cybercrime supply chain. The IAB, Aleksei Volkov, was directly involved in deploying ransomware and extorting victims, causing over $9 million in losses. His arrest, extradition, and 81-month prison sentence demonstrate a significant legal action against this key component of the ransomware ecosystem.

A prolific initial access broker (IAB) who played a key role in dozens of ransomware attacks costing victims over $9m has been sentenced to 81 months behind bars in the US.

Russian national, Aleksei Volkov, 26, of St. Petersburg, was sentenced in an Indiana court yesterday. He pleaded guilty last November to unlawful transfer of a means of identification, trafficking in access information, access device fraud, and aggravated identity theft. He had also pleaded guilty in a Pennsylvania court to conspiracy to commit computer fraud and conspiracy to commit money laundering, before the cases were consolidated in Indiana.

Volkov and his co-conspirators admitted to hacking victims’ networks, stealing their data, deploying ransomware and then dividing between themselves the ransom they subsequently extorted. The Department of Justice (DoJ) claimed that they tried to extort victim organizations to the tune of $24m.

Volkov was accused of working as an IAB for several “major cybercrime groups,” including the Yanluowang ransomware operation. IABs continue to comprise an important part of the cybercrime supply chain, selling unauthorized access to networks to mainly ransomware-as-a-service (RaaS) outfits. This helps to lower the barriers to entry for these groups, while also speeding up attacks.

Yanluowang Ransomware Unmasked

Yanluowang was first spotted in 2021 using aggressive "triple extortion" tactics whereby data would be stolen and encrypted and then victims threatened with DDoS as well as “calls to employees and business partners” if they didn’t pay up. Despite the name, which references a Chinese deity linked to the underworld, the group was subsequently found to be Russian. It was unmasked by researchers in 2022 after a whistleblower shared thousands of internal messages on Twitter.

Among its members were leader and payroll manager “Saint,” lead developer Killanas (aka "coder0") and pen-testers “Felix” and “Shoker.” The group counted Cisco and Walmart among its victims.

In a rare move, Volkov eschewed the relative safety of Russia and was arrested in Rome in 2024 after being indicted in the US the previous year. He was then extradited to the US in 2025. He has agreed to pay restitution of at least $9.2m to compensate known victims for their losses.
