A Russian national who sold gateway access to corporate networks for ransomware gangs has been sentenced to nearly seven years behind bars, highlighting the ongoing ties between cybercrime and crypto payments.
What happened
- Aleksei Volkov, 26, of St. Petersburg, was sentenced in the U.S. District Court for the Southern District of Indiana to 81 months in prison after helping major ransomware groups—including Yanluowang—gain footholds in U.S. networks. Prosecutors say those intrusions caused more than $9 million in actual losses and represented over $24 million in intended losses nationwide.
- Volkov worked as an “initial access broker”: a specialist who breaks into corporate systems and sells that access to other threat actors. Buyers then deployed ransomware to encrypt data and demanded cryptocurrency ransoms—sometimes demanding “tens of millions of dollars” to restore access or to avoid publishing stolen files.
Charges, plea and punishment
- On November 25, 2025, Volkov pleaded guilty to counts in two federal indictments: four counts in the Southern District of Indiana (unlawful transfer of a means of identification, trafficking in access information, access device fraud, and aggravated identity theft) and two counts in the Eastern District of Pennsylvania (conspiracy to commit computer fraud and conspiracy to commit money laundering).
- Arrested in Rome, Italy, before extradition to the U.S., Volkov admitted that he and co-conspirators “demanded tens of millions of dollars in ransom and received millions,” and that he received a share of cryptocurrency ransom payments.
- The court ordered full restitution, including almost $9.2 million to known victims, and the forfeiture of equipment used in the crimes.
Why this matters for crypto
- The case underlines how ransomware operators continue to lean on cryptocurrency for payments and profit-sharing. Chainalysis’ 2026 Crypto Crime Report found on-chain ransomware payments totaled $820 million in 2025 (an 8% decline year-over-year), even as reported attacks rose 50% and the median ransom jumped 368% to nearly $60,000.
- Ransomware actors are also evolving their tactics on-chain: some strains now use smart contracts as part of distribution and infrastructure. Examples include the DeadLock ransomware using Polygon smart contracts for proxy-server rotation and distribution, and EtherHiding targeting BNB Smart Chain and Ethereum smart contracts.
The Volkov sentence serves as a reminder that law enforcement pressure and blockchain tracing are increasingly central to disrupting ransomware ecosystems—even as attackers iterate, using crypto-native tools to scale and obscure their operations.
Read more AI-generated news on: undefined/news
