Russian Cybercriminal Sentenced for Enabling $24M in Ransomware Attacks
Aleksei Volkov, a Russian national, has been sentenced to 81 months in U.S. prison for his role in facilitating ransomware attacks that caused over $9 million in actual losses and targeted $24 million in intended damages. Volkov, an initial access broker, was arrested in Italy and extradited to the U.S., where he pleaded guilty in November 2025 to charges including access device fraud, identity theft, conspiracy to commit computer fraud, and money laundering.
Prosecutors revealed that Volkov exploited vulnerabilities in computer networks, gained unauthorized access, and sold that access to ransomware groups. His co-conspirators then deployed malware to encrypt victims’ data, disrupt operations, and demand multi-million-dollar cryptocurrency ransoms, sometimes exceeding $10 million per attack. Victims who refused to pay had their stolen data published on leak sites, while those who complied funded Volkov’s share of the profits.
As part of his plea agreement, Volkov was ordered to pay restitution to victims and forfeit equipment used in the crimes. The case underscores law enforcement’s growing focus on enablers of ransomware attacks, even those not directly involved in deploying the malware.
INTERPOL cybersecurity rating report: https://www.rankiteo.com/company/interpol
"id": "INT1774362377",
"linkid": "interpol",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'attack_vector': 'Exploited vulnerabilities in computer networks',
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'type_of_data_compromised': 'Encrypted and exfiltrated data'},
 'description': 'Aleksei Volkov, a Russian national, was sentenced to 81 '
                'months in U.S. prison for facilitating ransomware attacks '
                'that caused over $9 million in actual losses and targeted $24 '
                'million in intended damages. Volkov, an initial access '
                'broker, exploited vulnerabilities in computer networks, '
                'gained unauthorized access, and sold that access to '
                'ransomware groups. His co-conspirators deployed malware to '
                'encrypt victims’ data, disrupt operations, and demand '
                'multi-million-dollar cryptocurrency ransoms. Victims who '
                'refused to pay had their stolen data published on leak sites.',
 'impact': {'data_compromised': "Victims' data encrypted and exfiltrated",
            'financial_loss': '$9 million (actual losses), $24 million '
                              '(intended damages)',
            'operational_impact': 'Disrupted operations'},
 'initial_access_broker': {'entry_point': 'Exploited vulnerabilities in '
                                          'computer networks'},
 'investigation_status': 'Resolved (sentencing completed)',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Arrest, extradition, '
                                                  'sentencing, restitution, '
                                                  'and forfeiture of equipment',
                            'root_causes': 'Exploitation of network '
                                           'vulnerabilities by initial access '
                                           'broker'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': 'Multi-million-dollar cryptocurrency '
                                   'ransoms (sometimes exceeding $10 million '
                                   'per attack)'},
 'references': [{'source': 'U.S. Department of Justice'}],
 'regulatory_compliance': {'legal_actions': 'Criminal charges (access device '
                                            'fraud, identity theft, conspiracy '
                                            'to commit computer fraud, money '
                                            'laundering)'},
 'response': {'law_enforcement_notified': 'Yes (U.S. law enforcement)'},
 'threat_actor': 'Aleksei Volkov (Initial Access Broker) and co-conspirators',
 'title': 'Russian Cybercriminal Sentenced for Enabling $24M in Ransomware '
          'Attacks',
 'type': 'Ransomware'}