The botnet was called Mario Kart. That’s not a joke. Federal prosecutors apparently kept a straight face about it for the entire investigation.
Ilya Angelov, 40, of Tolyatti, Russia, operated the “Mario Kart” botnet (also catalogued under the threat intelligence designation TA551). Effective, methodical, and profitable in the worst possible way. His infrastructure was used to hit more than 70 US companies with ransomware attacks, extracting approximately $14 million in extortion payments. This wasn’t a side project. It was a business. A federal judge handed Angelov two years in federal prison, a $100,000 fine, and a $1.6 million civil judgment. For running an extortion network at industrial scale. Two years is a number worth sitting with.
Within days of that sentencing, a second defendant got his turn in court. Aleksei Volkov, from St. Petersburg, Russia, was sentenced to 81 months in federal prison, nearly seven years, plus more than $9 million in restitution. He originally faced a maximum of 53 years; the 81-month sentence reflects a plea agreement.
Volkov wasn’t a ransomware operator. He was something arguably more foundational: an initial access broker. His job was to break into corporate networks, or acquire access from others, and sell it. Not deploy ransomware, not negotiate with victims. Just find the open door and sell the key. Among his customers: Yanluowang, the ransomware group that attacked Cisco in 2022. Cisco disclosed the breach publicly. Yanluowang claimed roughly 3 terabytes of data.
That distinction matters. Coverage of ransomware tends to focus on the group at the keyboard at the moment of attack. There’s a whole layer of the ecosystem that rarely gets named: the people who find and sell the way in. Volkov’s 81-month sentence for selling access, not deploying ransomware himself, is a signal that US prosecutors are tracking that layer too.
Is this a turning point? Probably not. The global ransomware ecosystem generates billions annually and recruits from countries where extradition is rare. Most people running these operations will never see a US courtroom. But two people who thought they were operating safely from Russia ended up sentenced in American federal courts. That’s worth noting, even if the deterrence math still doesn’t quite work in the good guys’ favor.