Aleksei Volkov, a 26-year-classic Russian citizen, was sentenced to 81 months in prison today for his role in facilitating numerous ransomware attacks against U.S. Companies and organizations. Volkov pleaded guilty to multiple charges stemming from indictments in both the Southern District of Indiana and the Eastern District of Pennsylvania.
The Role of an “Initial Access Broker”
Court documents describe Volkov as an “initial access broker,” specializing in gaining unauthorized access to computer networks and selling that access to cybercriminals, including the Yanluowang ransomware group. He identified vulnerabilities and exploited them to provide access to his co-conspirators.
Once inside a network, Volkov’s co-conspirators deployed malware that encrypted data, effectively shutting down business operations. Ransom demands, sometimes reaching tens of millions of dollars, were made in cryptocurrency in exchange for restoring access and preventing the public release of stolen data. In some instances, victims paid the ransom, and Volkov received a portion of the illicit proceeds.
Financial Impact and Guilty Plea
The attacks facilitated by Volkov caused over $9 million in actual losses and over $24 million in intended losses. On November 25, 2025, Volkov pleaded guilty to six counts, including unlawful transfer of a means of identification, trafficking in access information, and conspiracy to commit computer fraud and money laundering. As part of his plea agreement, Volkov has agreed to pay full restitution to victims, totaling at least $9,167,198.19, and to forfeit the equipment used in the commission of his crimes.
The investigation was conducted by the FBI, with assistance from the Justice Department’s Office of International Affairs and the Government of Italy. The case is being prosecuted by several attorneys from the Criminal Division’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Offices for the Southern and Eastern Districts of Indiana and the Eastern District of Pennsylvania.
Frequently Asked Questions
What was Aleksei Volkov’s specific role in the cyberattacks?
Volkov acted as an “initial access broker,” gaining unauthorized access to computer networks and selling that access to ransomware groups like Yanluowang.
How much money was involved in these attacks?
The attacks caused over $9 million in actual losses and over $24 million in intended losses. Ransom demands reached tens of millions of dollars, with millions ultimately paid by victims.
Where was Volkov apprehended?
Volkov was arrested by police in Rome, Italy, and then extradited to the United States.
As Volkov begins his sentence, it remains to be seen what impact this prosecution will have on the broader network of cybercriminals operating internationally.
