Russian Hacker Faces 53 Years & $9.2M Restitution in Landmark Ransomware Case

A Russian national's guilty plea in a high-profile ransomware scheme could land them behind bars for half a century—plus a near-eight-figure financial gut punch.

The stakes? Astronomical. Prosecutors are pushing for a 53-year sentence—one of the longest ever proposed for cybercrime—alongside $9.2 million in restitution payments. Talk about a crypto exit strategy gone wrong.

Why it matters: This case sets a brutal precedent for ransomware operators. Forget 'anonymous' Bitcoin payouts—this is the DOJ turning encryption into a prison ledger.

Bonus jab: At least the restitution’s cheaper than most Silicon Valley acqui-hires. Too bad the equity’s paid in prison meals.

Russian national pleads guilty to multiple ransomware activities

The court filings for Volkov’s case did not exactly name Cisco, but the enterprise networking and security vendor said it was impacted by an attack that it attributed to Yanluowang ransomware in May 2022. During its investigation, Cisco realized that the credentials of one of its employees were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.

Cisco claimed that the attacker then carried out a series of sophisticated voice phishing attacks under the guise of trusted organizations, attempting to convince the victim to accept multi-factor authentication push notifications initiated by the attacker. After succeeding, the attacker then got access to the VPN in the context of the targeted user. In its report, Cisco claimed that the attack had links to an initial access broker with ties to several ransomware groups, including UNC2447, Lapsus$, and Yanluowang.

Prosecutors claimed that the Russian was charged with identifying targets, exploiting vulnerabilities in their systems, and sharing access with co-conspirators for a flat fee or a percentage of the ransom payments made by the victims. Some of the Russian’s victims were unable to function properly without access to some of the data stolen and had to partially halt their operations or shut down permanently in the wake of the attacks, causing hindrance to users.

Volkov awaits sentencing amid agreement to pay $9.2 million

Prosecutors also claimed the group got $24 million from all seven ransomware victims. The FBI also traced cryptocurrency transactions related to the payments to accounts that were maintained by the Russian and another co-conspirator, CC-1, who they claimed resided in Indianapolis at the time. The FBI was able to confirm Volkov’s identity using blockchain analysis. They were also able to uncover multiple accounts used for communication within the group.

In their communication, the group talked about ransomware attacks, payments, and splitting proceeds from their criminal activities. In the unsealed indictment, the Russian was arrested in January 2024 in Rome, where he had been living, and was later extradited to the United States and remains in custody in Indiana. Volkov previously filed an intention to plead guilty in April and agreed to have his case moved to Indiana.

The Russian pleaded guilty to six charges, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, conspiracy to commit computer fraud, aggravated identity theft, and conspiracy to commit money laundering. The plea agreement will also see Volkov pay a combined restitution of about $9.2 million to the seven victims.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.