A Russian man who U.S. prosecutors say peddled stolen login credentials and sold access to ransomware crews will spend 81 months in federal prison after a sentencing yesterday in Indianapolis. He was also ordered to pay roughly $9.17 million in restitution, closing out an international probe that followed crypto trails across borders and ended with arrests overseas.
According to FOX59, the judge not only handed down the 81-month term and $9,167,198.19 restitution order, but also tacked on two years of supervised release once the prison time is done. The court recommended that the defendant be housed at a federal medical center at the lowest security level authorities think is appropriate.
Prosecutors identified the defendant as Aleksei Olegovich Volkov, known online as “chubaka.kor.” Reporting by CyberScoop says Volkov worked as an initial-access broker for the Yanluowang ransomware group, effectively opening the door for others to carry out attacks. Court documents state that he pleaded guilty to six counts, including unlawful transfer of a means of identification, trafficking in access information and aggravated identity theft, and admitted to helping pull off intrusions at seven U.S. businesses. Prosecutors told the court that during the scheme, conspirators demanded about $24 million in ransom payments.
How investigators followed the money and access sales
According to SC Media, investigators leaned on blockchain analysis to track cryptocurrency transfers and wallet movements tied to the break-ins. Those digital breadcrumbs, along with other evidence, led to Volkov’s arrest in Rome in January 2024 and his eventual extradition to the United States.
Legal implications
Court records reviewed by CyberScoop note that the charges on paper carried a theoretical maximum of roughly 53 years in prison, though plea deals and sentencing guidelines usually cut that number down significantly. Even so, the 81-month sentence and hefty restitution in the Indianapolis case highlight how federal prosecutors are increasingly zeroing in on initial-access brokers, whom they describe as the wholesalers of the ransomware economy.
The court filings list victims that range from an Orlando law firm to an engineering outfit and a bank, and prosecutors say some companies had to shut down operations after their systems were compromised. FOX59 reports that federal authorities are framing the sentence as part of a broader effort to disrupt the networks that make large-scale ransomware and extortion campaigns possible.
