John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Aleksei Olegovich Volkov won’t be selling network access for a while. The 26-year-old from St. Petersburg got 81 months in federal prison and was ordered to pay more than $9 million in restitution for his work as an initial access broker for the Yanluowang ransomware gang. The sentence covers attacks against US organizations from July 2021 through November 2022.
He’s not a name you’ve heard before. That’s sort of the point.
Initial access brokers are the people who break into networks and sell the access to ransomware operators. They’re not doing the extortion. They’re selling doors. Find a way in, verify it’s real, move on. Ransomware gangs buy the access, deploy their payload, collect the ransom. Clean division of labor. It’s a big part of why ransomware scaled so effectively.
Volkov was the key seller. Yanluowang was the buyer. Their more notable victim: Cisco, breached in 2022. Yanluowang later leaked Cisco files on the dark web.
Prosecuting IABs matters strategically. Ransomware gangs rely on a supply chain. Hit an IAB and you’re not just taking down one criminal. You’re degrading the pipeline for everyone they served. Volkov supported multiple US attacks over 16 months. That supply chain is now offline.
The detail that made this possible: Volkov was arrested in Rome in January 2024. He was living there. Russia doesn’t extradite its citizens. Italy has an extradition treaty with the US. Some Russian cybercriminals take that risk. When they do, cases like this follow.
He was extradited in 2025 and sentenced this week. Nearly seven years plus nine million dollars. That’s not a slap.