Russian initial access broker gets 81 months in prison for helping ransomware gangs hit U.S. companies
Aleksei Volkov, a 26-year-old Russian national from St. Petersburg, has been sentenced to 81 months in federal prison for helping major cybercrime groups, including the Yanluowang ransomware gang, attack U.S. companies and other organizations. The U.S. Department of Justice said Volkov acted as an initial access broker, a criminal specialist who breaks into networks and then sells that access to other attackers.
According to the Justice Department, Volkov’s role enabled dozens of ransomware attacks across the United States. Prosecutors said those attacks caused more than $9 million in actual losses and more than $24 million in intended losses. That made him a key part of the ransomware supply chain, even though he did not deploy every attack himself.
The case shows how modern ransomware operations now split jobs between specialists. One group steals access, another moves through the victim’s network, and another handles extortion. In Volkov’s case, U.S. prosecutors said he found ways into corporate systems, sold that access to co-conspirators, and then received a share of the ransom proceeds in cases where victims paid.
The Justice Department also said Volkov’s co-conspirators used that access to encrypt data, disrupt business operations, and pressure victims into paying cryptocurrency ransoms. In some cases, the attackers threatened to leak stolen data on public extortion sites if companies refused to pay.
How Volkov fit into the ransomware chain
Initial access brokers have become a major force in cybercrime because they save ransomware gangs time. Instead of running their own phishing or brute-force campaigns from scratch, ransomware operators can simply buy ready-made access to a corporate network and move straight to extortion.
According to the DOJ, that is exactly what Volkov did. He specialized in identifying vulnerabilities, gaining unauthorized access to networks, and selling that foothold to other criminals. After that, his partners took over and launched the ransomware phase of the attack.
Key case details
| Detail | Confirmed information |
|---|---|
| Defendant | Aleksei Volkov, 26, of St. Petersburg, Russia |
| Sentence | 81 months in federal prison |
| Role | Initial access broker |
| Linked group | Yanluowang ransomware group, among others |
| Actual losses | Over $9 million |
| Intended losses | Over $24 million |
| Arrest location | Rome, Italy |
| U.S. case districts | Southern District of Indiana and Eastern District of Pennsylvania |
Charges and guilty plea
The Justice Department said Volkov pleaded guilty on November 25, 2025, after cases from Indiana and Pennsylvania were consolidated in the Southern District of Indiana. He admitted to four counts from the Indiana case and two counts from the Pennsylvania case.
Those counts included:
- Unlawful transfer of a means of identification
- Trafficking in access information
- Access device fraud
- Aggravated identity theft
- Conspiracy to commit computer fraud
- Conspiracy to commit money laundering
Arrest, extradition, and restitution
Police arrested Volkov in Rome, Italy, and he was later extradited to the United States, according to the DOJ. The department said the prosecution brought together indictments from the Southern District of Indiana and the Eastern District of Pennsylvania, with support from the FBI’s Indianapolis and Philadelphia field offices.
Why this case matters
This sentence matters because it targets a key middle layer of the ransomware economy. Initial access brokers do not always make headlines, but they make large-scale ransomware attacks easier to launch. By selling verified entry into corporate environments, they help extortion groups skip one of the hardest parts of the intrusion process.
The DOJ’s case against Volkov reflects a broader law enforcement strategy: disrupt the suppliers, not just the ransomware brand names. That approach aims to make it harder for extortion gangs to scale attacks across multiple victims.
FAQ
Aleksei Volkov is a Russian national whom the U.S. Justice Department identified as an initial access broker who sold unauthorized network access to cybercriminal groups, including Yanluowang.
A federal court in the Southern District of Indiana sentenced him to 81 months in prison on March 23, 2026.
The DOJ described him mainly as an initial access broker. He gained access to networks and sold that access to other cybercriminals, who then carried out ransomware attacks and extortion.
The Justice Department said the attacks caused over $9 million in actual losses and over $24 million in intended losses.