A 25-year-old Russian national has pleaded guilty to six charges relating to a hacking spree carried out by the Yanluowang hacking group.
Aleksei Olegovich Volkov acted as an initial access broker for the group between July 2021 and April 2022, selling access and credentials to victim networks in return for an initial payment of US$1,000 in bitcoin and a cut of any ransom payment.
For instance, Volkov received a cut of two ransom payments that totalled US$1.55 million in bitcoin. Investigators were able to trace payments made to Volkov via the blockchain. He received about US$94,000 and US$162,000, respectively, from the two ransom payments.
Volkov generally received a cut of between 15 and 20 per cent from ransom profits.
Court documents suggest Volkov was involved in at least seven ransomware attacks, but not all victims paid a ransom.
Volkov pleaded guilty to one count each of unlawful transfer of a means of identification, trafficking in access information, access device fraud, and aggravated identity theft in the Southern District of Indiana, and one count each of conspiracy to commit computer fraud and conspiracy to commit money laundering in the Eastern District of Pennsylvania.
He faces a maximum of 53 years in prison and was ordered to pay the victims US$9,167,198.19 in restitution.
The Yanluowang ransomware gang operated for a brief period of time in 2022 and was last observed in August of that year after just over a month of operation. In that time, it claimed to have hacked Walmart, Cisco, and several other victims.
Its tactics included stealing and encrypting data, targeting its victims with distributed denial-of-service (DDoS) attacks, and attempting to intimidate employees.
David Hollingworth