U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

81-month sentence for Russian hacker behind major ransomware campaigns

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 […]

Scattered Spider DOJ

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages.

A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 and extradited, he pleaded guilty in November 2025.

“A court in the Southern District of Indiana today sentenced a Russian citizen, Aleksei Volkov, to 81 months in prison for assisting major cybercrime groups, including the Yanluowang ransomware group, in carrying out numerous attacks against U.S. companies and other organizations.” reads the press release published by DoJ. “Volkov facilitated dozens of ransomware attacks throughout the United States, causing over $9 million in actual losses and over $24 million in intended losses.”

Volkov was indicted in two U.S. districts, arrested in Rome, and extradited to the United States, where he pleaded guilty. Authorities say he worked as an “initial access broker,” breaking into corporate networks by exploiting vulnerabilities and selling that access to other cybercriminals, including ransomware groups, enabling further attacks.

The Russian national provided network access that his accomplices used to deploy ransomware, encrypt data, and disrupt operations. Victims were asked to pay large cryptocurrency ransoms to regain access and avoid data leaks. Some paid, others had their data exposed. Volkov received a share of the ransom profits.

“Volkov’s co-conspirators then used the access Volkov provided to infect the affected computer networks and systems with malware. This malware encrypted the victims’ data and prevented the victims from accessing it, damaging their business operations.” continues the press release. “The conspirators then demanded that the victims pay them a ransom in cryptocurrency — sometimes in the tens of millions of dollars — in exchange for restoring the victims’ access to the data and promising not to publicly disclose the hack or release victims’ stolen data on a “leak” website. “

Volkov pleaded guilty in November 2025 to multiple charges, including identity theft, fraud, and conspiracy, after cases were consolidated in Indiana. He admitted hacking networks, stealing data, deploying ransomware, and demanding millions in cryptocurrency. The group shared the profits, and Volkov agreed to pay over $9.1M in restitution and forfeit equipment used in the attacks.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)