A Russian hacker who helped the notorious Yanluowang ransomware gang break into U.S. companies and demand millions of dollars in ransom payments has been sentenced to nearly seven years in prison.

Aleksei Volkov, 26, of St. Petersburg, received an 81-month prison sentence after pleading guilty to charges related to a series of ransomware attacks against organizations across the U.S.

Prosecutors said Volkov operated as an “initial access broker,” a type of cybercriminal who breaks into corporate computer networks and sells that access to other hackers, including ransomware groups.

In 2021 and 2022, Volkov worked with members of the Yanluowang ransomware gang, helping them infiltrate networks and deploy malicious software that locked victims out of their systems, according to court documents.

The attacks targeted a range of organizations, including banks, telecommunications providers and engineering firms in several states, including Pennsylvania, California, Michigan, Illinois, Georgia and Ohio. Authorities said the campaign caused more than $9 million in actual losses and involved ransom demands totaling more than $24 million.

Volkov was arrested in Rome and later extradited to face charges filed in federal courts in Indiana and Pennsylvania. He pleaded guilty to charges in both states in November.

According to investigators, Volkov identified vulnerabilities in corporate networks and provided that access to co-conspirators who carried out the ransomware attacks. In return, he received a share of the ransom payments.

Victims were typically told to pay ransoms in cryptocurrency — sometimes reaching tens of millions of dollars — in exchange for restoring access to their systems and preventing the release of stolen data on leak sites.

As part of his sentence, Volkov agreed to pay at least $9 million in restitution to victims and forfeit equipment used in the hacking operation.
The FBI also found evidence that Volkov had communicated with members of the LockBit ransomware group, another prolific cybercrime operation.

Cybersecurity researchers first identified the Yanluowang ransomware gang in 2021. Despite the group’s Chinese-sounding name, investigators later determined that its members were likely posing as Chinese hackers, a tactic used to obscure their identities.

The group ultimately disbanded in late 2022 after its leak site was hacked and thousands of internal chat messages were published online. At least one member of the group was believed to be affiliated with the Russian Ministry of Defense.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.