Russian Initial Access Broker Sentenced to Nearly 7 Years for Role in Yanluowang Ransomware Attacks
A 26-year-old Russian national, Aleksey Olegovich Volkov (also known as "chubaka.kor" and "nets"), has been sentenced to 81 months in prison for his role as an initial access broker (IAB) in the Yanluowang ransomware attacks. Volkov pleaded guilty in November 2023 to breaching corporate networks of at least eight U.S. companies between July 2021 and November 2022, selling that access to the Yanluowang ransomware-as-a-service (RaaS) operation.
The Yanluowang affiliates encrypted victims' data and demanded ransoms ranging from $300,000 to $15 million. Volkov was extradited to the U.S. after his arrest in Italy in January 2024. U.S. prosecutors charged him following an incident in which the Yanluowang gang stole files from a Cisco employee's Box folder but failed to encrypt systems or collect a ransom.
As part of his plea, Volkov admitted to hacking into victims' networks, stealing data, deploying ransomware, and demanding cryptocurrency payments. The Justice Department revealed that the FBI recovered chat logs, stolen data, victims' network credentials, and evidence of ransom negotiations from a seized server linked to the gang.
Investigators traced Volkov's identity through Apple iCloud data, cryptocurrency exchange records, and social media accounts linked to his Russian passport and phone number. The chat logs showed Volkov negotiating a percentage of ransom payments, which totaled $1.5 million. Additionally, a screenshot from Volkov's Apple account suggested a potential link to the LockBit ransomware gang.
Volkov was initially facing a maximum sentence of 53 years but was sentenced to 81 months in prison. He is required to pay over $9 million in restitution to the victims of the Yanluowang ransomware attacks. The Justice Department stated that Volkov agreed to pay full restitution to known victims, totaling $9,167,198.19, and forfeit equipment used in his crimes.
Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco
{
  "id": "CIS1774362550",
  "linkid": "cisco",
  "type": "Ransomware",
  "date": "7/2021",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'location': 'U.S.', 'type': 'Corporate'}],
 'attack_vector': 'Initial Access Broker (IAB)',
 'data_breach': {'data_encryption': 'Yes (by Yanluowang ransomware)',
                 'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High (corporate and potentially '
                                        'personally identifiable information)',
                 'type_of_data_compromised': 'Files, network credentials, '
                                             'victim data'},
 'description': 'Aleksey Olegovich Volkov, a 26-year-old Russian national, was '
                'sentenced to 81 months in prison for his role as an initial '
                'access broker (IAB) in the Yanluowang ransomware attacks. '
                'Volkov breached corporate networks of at least eight U.S. '
                'companies between July 2021 and November 2022, selling access '
                'to the Yanluowang ransomware-as-a-service (RaaS) operation. '
                "The affiliates encrypted victims' data and demanded ransoms "
                'ranging from $300,000 to $15 million.',
 'impact': {'data_compromised': 'Stolen files, network credentials, and victim '
                                'data',
            'financial_loss': '$9,167,198.19 (restitution)',
            'legal_liabilities': 'Fines and restitution',
            'operational_impact': 'Data encryption, ransom demands, and '
                                  'operational disruption',
            'systems_affected': 'Corporate networks of at least eight U.S. '
                                'companies'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Access sold to Yanluowang '
                                                    'RaaS',
                           'entry_point': 'Corporate networks'},
 'investigation_status': 'Completed (sentencing)',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Law enforcement '
                                                  'intervention, restitution, '
                                                  'and forfeiture',
                            'root_causes': 'Initial access broker activity, '
                                           'lack of network security measures'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': ['$300,000', '$15 million'],
                'ransomware_strain': 'Yanluowang'},
 'references': [{'source': 'U.S. Justice Department'}],
 'regulatory_compliance': {'legal_actions': 'Criminal prosecution, '
                                            'restitution, and forfeiture'},
 'response': {'law_enforcement_notified': 'Yes (FBI, U.S. Justice Department)'},
 'threat_actor': 'Aleksey Olegovich Volkov (chubaka.kor, nets)',
 'title': 'Russian Initial Access Broker Sentenced for Role in Yanluowang '
          'Ransomware Attacks',
 'type': 'Ransomware'}