Aleksey Olegovich Volkov campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
The Yanluowang ransomware operation is now tied to a named initial access broker who helped attackers reach at least eight U.S. companies, showing a coordinated extortion pipeline rather than a single intrusion. Aleksey Olegovich Volkov allegedly used the aliases "chubaka.kor" and "nets" to breach corporate networks and sell that access onward. The group then encrypted victim data and demanded ransoms of $300,000 to $15 million in Bitcoin. The plea and restitution exposure underscore how upstream access brokerage can amplify ransomware harm across multiple victims.
Related Happenings
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
IncidentAbout this happening: A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law Enforcement
First: 28.04.2026 18:39
Last: 28.04.2026 18:39
Sources 1
About this happening:
**Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law EnforcementAbout this happening: **Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
BlackCat campaign expands across multiple victims
Campaign
First: 22.04.2026 14:00
Last: 22.04.2026 14:00
Sources 1
About this happening:
The **BlackCat** ransomware operation ran a **multi-victim extortion campaign** against **US organizations** between **April and November 2023**, creating sustained ransom pressur...
BlackCat campaign expands across multiple victims
CampaignAbout this happening: The **BlackCat** ransomware operation ran a **multi-victim extortion campaign** against **US organizations** between **April and November 2023**, creating sustained ransom pressur...
Latest development: 01.05.2026 14:30
Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for helping the BlackCat/ALPHV ransomware gang conduct attacks against multiple U.S. organizations during 2023. Prosecutors said the pair worked alongside Angelo Martino, paid BlackCat administrators a 20% share of ransom payments, and in one case received a Bitcoin ransom worth $1.2m while also leaking patient data from a healthcare victim.
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
CampaignAbout this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Timeline
-
10.11.2025 21:12 2 articles · 6mo ago
Volkov signs Yanluowang plea agreement
Legal Policy Action UpdateAleksey Olegovich Volkov signs a plea agreement on October 29 admitting he acted as an initial access broker for Yanluowang ransomware activity targeting at least eight U.S. companies between July 2021 and November 2022, using the aliases "chubaka.kor" and "nets" to breach corporate networks and sell access for ransomware operations; the case also ties him to $1.5 million in ransom proceeds and more than $9.1 million in restitution exposure.
Show sources
- Yanluowang initial access broker pleaded guilty to ransomware attacks — www.bleepingcomputer.com — 10.11.2025 21:12
- Yanluowang initial access broker pleaded guilty to ransomware attacks — www.bleepingcomputer.com — 10.11.2025 21:12