- A 26-year-old Russian man, Aleksei Volkov, sold unauthorized network access to ransomware gangs, including the Yanluowang crew, triggering over $9 million in real losses across dozens of U.S. companies.
- Italian authorities arrested Volkov in January 2024, and U.S. prosecutors secured his guilty plea in November 2025, leading to an 81-month prison sentence and a $9.1 million restitution order.
- In a separate but related case, U.S. prosecutors charged a ransomware negotiator who secretly helped the BlackCat gang squeeze bigger payouts from at least 10 victims, with authorities seizing nearly $9.2 million in crypto from his wallets.
A Russian hacker who spent years quietly selling backdoor access to corporate networks has finally landed in a U.S. federal prison.
The U.S. Department of Justice sentenced Aleksei Olegovich Volkov to 81 months behind bars for fueling ransomware attacks that drained millions from American businesses.
The case exposes a growing and often overlooked corner of the cybercrime economy: the access broker, the person who kicks the door open and lets the real criminals walk in.
The access broker who opened the door
Volkov did not personally deploy ransomware. Instead, he hunted for vulnerabilities in corporate networks, cracked them open, and sold that access to criminal groups, including the Yanluowang ransomware operation.
His co-conspirators then took that access and flooded the victims’ systems with malware, encrypting critical data and locking companies out of their own operations.
The DoJ confirmed the model clearly: Volkov’s partners used the access he provided to encrypt victims’ data and cripple their business operations.
They then demanded cryptocurrency ransoms, sometimes reaching tens of millions of dollars, threatening to publish the stolen data on leak sites if victims refused to pay.
Every ransom payment that came in gave Volkov a cut. Over time, his role contributed to more than $9 million in confirmed losses and over $24 million in intended damages across dozens of victims.
As U.S. prosecutors pursue criminals like Volkov through the courts, intelligence agencies like MI6 are pursuing a different strategy, launching dark web portals to recruit spies from within the criminal underground, aiming to gain intelligence before attacks happen rather than prosecuting after the fact.
Italian authorities arrested him on January 18, 2024. U.S. prosecutors extradited him, and he pleaded guilty in November 2025 to charges including computer fraud, trafficking in access credentials, identity theft, and conspiracy to commit money laundering.
Additionally, Volkov agreed to remit at least $9,167,198 in full restitution to known victims and to forfeit all tools he used to carry out the attacks.
BlackCat’s secret negotiator exposed
The Volkov sentencing coincides with a fresh wave of cybercrime charges hitting a different corner of the ransomware world. Federal prosecutors charged Angelo Martino, 41, with operating as a secret negotiator for the BlackCat ransomware gang, also known as ALPHV.
Martino worked as an employee at DigitalMint, a legitimate ransomware response and cryptocurrency firm. But behind the scenes, he helped BlackCat extract larger ransoms from at least 10 victims, acting against the interests of the very companies his employer was supposed to help.
Authorities seized nearly $9.2 million spread across 21 cryptocurrency wallets he controlled, spanning Bitcoin, Monero, Ripple, Solana, and Stellar. Investigators also confiscated his luxury vehicles and properties. Martino now faces up to 20 years in prison.
Two other DigitalMint employees, Ryan Clifford Goldberg and Kevin Tyler Martin, had already pleaded guilty in December 2025 to serving as BlackCat affiliates.
DigitalMint moved quickly to distance itself. The company stated plainly that the individuals’ actions directly violated company policy and ethical standards, and that it terminated both Martino and Martin once their behavior surfaced.
The firm added that criminal behavior of this kind runs completely against everything it stands for and why the industry exists.
What these cases signal for cybercrime enforcement
Volkov’s sentencing and Martino’s charges reveal a clear pattern in how U.S. prosecutors are now approaching ransomware. Authorities are no longer just going after the hackers who pull the final trigger. They are dismantling the entire supply chain: the brokers, the negotiators, the money launderers.
For cybercriminals who believe their role is too peripheral to attract federal attention, these cases send a direct message. The DoJ is tracing every layer of the ransomware economy, following crypto trails across multiple currencies, and working with international partners to close in.
This includes targeting the privacy tools themselves. The Samourai Wallet case shows that prosecutors are willing to go after wallet developers whose services, they argue, are designed to facilitate money laundering on the dark web, sending a signal that even toolmakers are not beyond the reach of the law.
The arrest of Volkov in Italy and the exposure of insiders like Martino show that no position in the chain, however removed from the actual attack, is safe from prosecution.