Cisco: Russian Access Broker Gets Nearly 7 Yrs for Enabling Millions in Ransomware Extortion

Russian Access Broker Sentenced to Over 6 Years for Fueling $24M in Ransomware Attacks

A 26-year-old Russian national, Aleksei Volkov of St. Petersburg, was sentenced to 81 months in prison by a federal court in the Southern District of Indiana for his role as an initial access broker, a key player in the ransomware economy. Volkov facilitated dozens of cyberattacks across the U.S., enabling criminal groups like the Yanluowang ransomware operation to breach networks, encrypt data, and extort victims for millions.

Operating as a middleman, Volkov specialized in identifying and selling unauthorized network access to cybercriminals, who then deployed ransomware. His activities resulted in over $9 million in confirmed losses and $24 million in intended damages, with victims ranging from businesses to critical organizations. The Yanluowang group, one of his buyers, previously claimed responsibility for a 2022 breach of Cisco’s corporate network, underscoring the high-profile risks posed by access brokers.

Volkov was arrested in Italy on January 18, 2024, after a Bitcoin transaction linked him to the cybercrime network. Extradited to the U.S., he pleaded guilty to aggravated identity theft and access device fraud, agreeing to pay $9.17 million in restitution to victims. In addition to his prison term, he received two years of supervised probation.

The case highlights the supply-chain dynamics of modern ransomware, where access brokers like Volkov enable large-scale attacks by providing the initial foothold that ransomware groups lack the expertise to secure themselves. Prosecutors emphasized that targeting these brokers disrupts the economic viability of ransomware campaigns, forcing criminal networks to either develop costly in-house intrusion capabilities or expand their supplier base, both of which increase their exposure to law enforcement.

Source: https://thecyberexpress.com/russian-access-broker-gets-7-yrs-prison-time/

Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco

"id": "CIS1774355311",
"linkid": "cisco",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'U.S.',
                        'name': 'Cisco',
                        'type': 'Corporation'},
                       {'location': 'U.S.',
                        'type': 'Businesses and Critical Organizations'}],
 'attack_vector': 'Initial Access Broker (Unauthorized Network Access)',
 'data_breach': {'data_encryption': 'Yes (Ransomware Encryption)'},
 'description': 'Aleksei Volkov, a 26-year-old Russian national, was sentenced '
                'to 81 months in prison for his role as an initial access '
                'broker, facilitating dozens of cyberattacks across the U.S. '
                'and enabling ransomware groups like Yanluowang to breach '
                'networks, encrypt data, and extort victims for millions.',
 'impact': {'financial_loss': '$9 million (confirmed losses), $24 million '
                              '(intended damages)',
            'identity_theft_risk': 'Aggravated Identity Theft'},
 'initial_access_broker': {'entry_point': 'Unauthorized Network Access'},
 'investigation_status': 'Closed (Conviction and Sentencing)',
 'lessons_learned': 'The case highlights the supply-chain dynamics of modern '
                    'ransomware, where access brokers enable large-scale '
                    'attacks by providing initial footholds. Targeting brokers '
                    'disrupts the economic viability of ransomware campaigns.',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'corrective_actions': 'Arrest and prosecution of '
                                                  'access brokers to disrupt '
                                                  'ransomware supply chains',
                            'root_causes': 'Initial access brokers providing '
                                           'unauthorized network access to '
                                           'ransomware groups'},
 'ransomware': {'data_encryption': 'Yes', 'ransomware_strain': 'Yanluowang'},
 'references': [{'source': 'Federal Court Sentencing (Southern District of '
                           'Indiana)'}],
 'regulatory_compliance': {'legal_actions': 'Aggravated Identity Theft, Access '
                                            'Device Fraud'},
 'response': {'law_enforcement_notified': 'Yes (FBI, International Law '
                                          'Enforcement)'},
 'threat_actor': 'Aleksei Volkov (Initial Access Broker), Yanluowang '
                 'Ransomware Group',
 'title': 'Russian Access Broker Sentenced for Fueling $24M in Ransomware '
          'Attacks',
 'type': 'Ransomware'}