Aleksey Olegovich Volkov campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
The Yanluowang ransomware operation is now tied to a named initial access broker who helped attackers reach at least eight U.S. companies, showing a coordinated extortion pipeline rather than a single intrusion. Aleksey Olegovich Volkov allegedly used the aliases "chubaka.kor" and "nets" to breach corporate networks and sell that access onward. The group then encrypted victim data and demanded ransoms of $300,000 to $15 million in Bitcoin. The plea and restitution exposure underscore how upstream access brokerage can amplify ransomware harm across multiple victims.
Related Happenings
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor Meta
H score26
First: 10.06.2026 17:03
Last: 10.06.2026 17:03
Sources 1
About this happening:
**The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
H score39
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
H score21
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
IncidentAbout this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Timeline
-
10.11.2025 21:12 2 articles · 7mo ago
Volkov signs Yanluowang plea agreement
Legal Policy Action UpdateAleksey Olegovich Volkov signs a plea agreement on October 29 admitting he acted as an initial access broker for Yanluowang ransomware activity targeting at least eight U.S. companies between July 2021 and November 2022, using the aliases "chubaka.kor" and "nets" to breach corporate networks and sell access for ransomware operations; the case also ties him to $1.5 million in ransom proceeds and more than $9.1 million in restitution exposure.
Show sources
- Yanluowang initial access broker pleaded guilty to ransomware attacks — www.bleepingcomputer.com — 10.11.2025 21:12
- Yanluowang initial access broker pleaded guilty to ransomware attacks — www.bleepingcomputer.com — 10.11.2025 21:12