A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks.

As 26-year-old Aleksey Olegovich Volkov (also known online as "chubaka.kor" and "nets") admitted in his November guilty plea, he targeted at least eight companies across the United States between July 2021 and November 2022.

Volkov said that he breached corporate networks and sold that access to the Yanluowang ransomware-as-a-service (RaaS) operation, whose affiliates encrypted victims' data and sent ransom demands ranging from $300,000 to $15 million.

He was extradited to the U.S. after being arrested in Italy in January 2024. U.S. prosecutors charged him after the Yanluowang gang stole non-sensitive files from a Cisco employee's Box folder, but failed to encrypt systems and collect a ransom.

"As part of his plea, Volkov admitted that he and his co-conspirators hacked into numerous victims' computer networks, stole their data, deployed ransomware, demanded payment in cryptocurrency to exchange for restoring access to the data, and divided the ransom payments among themselves," the Justice Department said on Monday. 

As revealed in court documents, the FBI recovered chat logs, stolen data, victims' network credentials, and evidence that Yanluowang email accounts were used for ransom negotiations after seizing a server linked to the ransomware gang.

They also traced Volkov's identity through Apple iCloud data, cryptocurrency exchange records, and social media accounts (including a Twitter account) linked to his Russian passport and phone number.

The recovered chat logs showed Volkov negotiating deals with an accomplice for a percentage of the ransom payments in exchange for providing credentials to some of Yanluowang's victims' networks. The FBI said that Volkov's percentage of the collected ransoms reached $1.5 million.

According to an affidavit signed by FBI Special Agent Jeffrey Hunter, while reviewing documents obtained from Volkov's Apple account, the investigators also discovered a screenshot of a chat with a user named LockBit, suggesting an additional potential link to the notorious LockBit ransomware gang.

Volkov was sentenced to 81 months in prison after initially facing a maximum sentence of 53 years, and is required to pay over $9 million in restitution to the victims of the Yanluowang ransomware attacks.

"Volkov agreed to pay full restitution to victims including at least $9,167,198.19 to known victims to compensate them for their actual losses as well as to forfeit equipment he used for his crimes," the Justice Department added.