Yanluowang Ransomware Broker - Russian Hacker Pleads Guilty
Category: Threat Actors & Campaigns
Russian national Aleksey Volkov will plead guilty in a US court to brokering network access for the Yanluowang ransomware group (T1133, T1486). Between 2021 and 2022, he sold access to victim networks and earned over $250,000 in ransom shares. The case shows how initial access brokers fuel ransomware ecosystems by exploiting RDP and VPN weaknesses.
CORTEX Protocol Intelligence Assessment
Business Impact: Highlights risks from access brokers enabling ransomware at scale.
Technical Context: Exploited exposed remote services and valid credentials (T1133, T1078).
Strategic Intelligence Guidance
- Enforce MFA and disable open RDP access.
- Detect suspicious geographic login activity.
- Segment networks and apply least privilege.
- Coordinate with law enforcement on ransomware reporting.
Intelligence Source: Yanluowang Ransomware Broker - Russian Hacker Pleads Guilty | Nov 11, 2025