Sentencing of TA551 Botnet Operator for Ransomware Access Facilitation

First reported

25.03.2026 13:52

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A Russian national, Ilya Angelov, was sentenced to two years imprisonment and fined $100,000 for co-managing the TA551 botnet used to facilitate ransomware attacks against U.S. enterprises. Between 2017 and 2021, Angelov and associates operated the botnet via spam email malware distribution, monetizing access by selling compromised systems to criminal groups including BitPaymer, IcedID operators, TrickBot affiliates, and Lockean ransomware gangs. The group’s activities directly enabled ransomware extortion campaigns impacting 72 U.S. corporations with over $14.17 million in proceeds.

Timeline

25.03.2026 13:52 1 articles · 2h ago

TA551 Botnet Operator Sentenced for Facilitating Ransomware Attacks via Access Brokering
U.S. federal sentencing documents reveal Ilya Angelov’s management of the TA551 botnet from 2017 to 2021, which distributed malware via spam emails and sold access to ransomware groups. Proceeds from the botnet’s activities exceeded $14.17 million, with documented links to BitPaymer, IcedID, TrickBot/Conti, and Lockean ransomware campaigns. The development underscores the persistent use of botnet-for-hire models to enable large-scale ransomware extortion.
Show sources

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
Open in new tab

Information Snippets

Ilya Angelov (age 40, alias "milan" and "okart") was sentenced to two years in prison and fined $100,000 for managing the TA551 botnet.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
TA551 operated between at least 2017 and 2021, recruiting members and developing malware to bypass security tools for botnet expansion.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
The botnet was used to sell access to compromised systems to ransomware groups including BitPaymer, IcedID affiliates, TrickBot-linked actors, and Lockean ransomware operators.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
Between August 2018 and December 2019, TA551 provided BitPaymer with access to infect 72 U.S. corporations, resulting in at least $14.17 million in extortion payments.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
IcedID operators paid over $1 million to acquire botnet access in late 2019 or early 2020; the extent of resulting damages remains unspecified.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52
TA551 collaborated with TrickBot operators to distribute Conti Ransomware starting November 2021 and partnered with Lockean ransomware after early-2021 Emotet takedowns.
First reported: 25.03.2026 13:52

1 source, 1 article
Show sources
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks — thehackernews.com — 25.03.2026 13:52

Summary

Timeline

TA551 Botnet Operator Sentenced for Facilitating Ransomware Attacks via Access Brokering

Information Snippets