Russian National Pleads Guilty to Selling Initial Access to Yanluowang Ransomware Operators
Russian national Alexey Olegovich Volkov has pleaded guilty to providing operators of the Yanluowang ransomware with initial access to the networks of targeted companies. Between July 2021 and November 2022, Yanluowang operators compromised at least eight companies across the United States.
The Access Broker Business Model
According to the FBI, Volkov operated as an access broker—someone who breaks into corporate networks and sells that access to other criminals. Following his intrusions, ransomware operators encrypted victims' data and demanded ransoms ranging from $300,000 to $15 million in Bitcoin.
In at least two cases, victims paid the ransom. Volkov received a cut from these payments, totaling approximately $1.5 million.
How Investigators Traced the Crimes
Investigators tracked portions of the cryptocurrency payments—specifically $94,259 and $162,220 from two separate Yanluowang attacks—to wallet addresses that Volkov had shared with an accomplice.
This discovery led investigators to obtain a warrant for a server connected to Volkov's activities. The server contained a trove of incriminating evidence: chat logs, stolen data, victim account credentials, and email addresses used in ransom negotiations.
The investigation then expanded across multiple platforms. Authorities traced Volkov through Apple iCloud, cryptocurrency exchanges, and social media accounts, eventually linking these digital identities to his Russian passport and phone number.
Potential LockBit Connection
During the examination of Volkov's Apple account data, investigators uncovered correspondence between him and a user with the alias "LockBit." This discovery suggests the Russian national may have ties to the notorious LockBit ransomware group as well.
Arrest, Extradition, and Victims
Italian authorities arrested Volkov in January 2024, and he was quickly extradited to the United States.
US authorities have linked Volkov to attacks on eight organizations:
- An unnamed Philadelphia-based company
- An engineering firm with 19 offices across the United States
- A California-based company
- A Michigan bank
- An Illinois enterprise
- A Georgia-based company
- An Ohio telecommunications provider
- A Pennsylvania enterprise
Sentencing and Restitution
Volkov now faces a maximum sentence of 53 years in prison on multiple charges, including:
- Unlawful transfer of identification means
- Trafficking in access device data
- Access device fraud
- Aggravated identity theft
- Conspiracy to commit computer fraud
- Conspiracy to commit money laundering
In addition to prison time, Volkov will be required to pay over $9.1 million in restitution to victims of the Yanluowang attacks in which he participated.
The case demonstrates how law enforcement is increasingly capable of tracing cryptocurrency payments and connecting digital identities across multiple platforms to identify cybercriminals operating internationally.