Russian Hacker Sentenced to 81 Months for Role in Ransomware Attacks Targeting U.S. Companies

A Russian national has been sentenced to more than six years in federal prison for his role in facilitating ransomware attacks that targeted companies across the United States and generated millions of dollars in losses.

Aleksei Volkov, 26, of St. Petersburg, Russia, was sentenced in the Southern District of Indiana to 81 months in prison for assisting cybercrime groups, including the Yanluowang ransomware group, in carrying out attacks that caused more than $9 million in actual losses and more than $24 million in intended losses, according to court records.

Prosecutors said Volkov operated as an “initial access broker,” a cybercriminal who specializes in infiltrating computer networks and selling that access to other threat actors. According to court documents, Volkov identified vulnerabilities in corporate systems, gained unauthorized access, and sold that access to co-conspirators who then deployed ransomware.

Those conspirators used the access to install malware that encrypted victims’ data, disrupting business operations and locking organizations out of their systems. Victims were then extorted for ransom payments in cryptocurrency, sometimes amounting to tens of millions of dollars, in exchange for restoring access and preventing the public release of stolen data.

In some instances, victims paid the ransom, while in others, sensitive data was published on leak websites. Authorities said Volkov received a share of ransom proceeds when payments were made.

Volkov was indicted in both the Southern District of Indiana and the Eastern District of Pennsylvania. He was arrested in Rome by Italian authorities and later extradited to the United States. On Nov. 25, 2025, he pleaded guilty to multiple charges, including unlawful transfer of a means of identification, trafficking in access information, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, and conspiracy to commit money laundering.

As part of his plea agreement, Volkov admitted to participating in attacks involving unauthorized access, data theft, ransomware deployment and extortion. He also agreed to pay full restitution to victims, including at least $9,167,198.19 to compensate for actual losses, and to forfeit equipment used in the crimes.

Dark Web Marketplace Operator Extradited to U.S. in Major International Cybercrime Case

A German national accused of running one of the largest dark web marketplaces has been extradited from Colombia to the United States, where he faces multiple federal charges tied to the sale of illegal drugs, fraud tools, and hacking services.

Patrick Schmitz, 37, of Taganga, Colombia, is accused of cofounding and operating “The Versus Project,” also known as “Versus,” an online marketplace that prosecutors say facilitated hundreds of thousands of illegal transactions between 2019 and 2022.

According to court documents, Versus operated from about November 2019 through May 2022 and had more than 380,000 registered users. The platform listed over 32,000 products and facilitated more than 300,000 completed orders, generating millions of dollars in transactions.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division said, “The Versus Project allowed thousands of criminals to endanger the American people with heroin, illegal drugs, and tools for fraud and hacking. Although Versus hid on the dark web, today’s announcement demonstrates that Versus was not beyond the reach of the Justice Department and its international partners. Illegal online criminal marketplaces, no matter where they are located, will be targeted and brought down.”

Federal authorities allege the marketplace functioned like an e-commerce site but was accessible only through the dark web. Users created accounts, searched listings by category or keyword, and conducted transactions using cryptocurrencies such as Bitcoin and Monero. The platform did not allow fiat currency transactions, enabling users to bypass traditional banking systems and associated anti-money laundering controls.

Prosecutors said Versus offered a wide range of illegal goods and services, including heroin and other drugs, stolen and fraudulent identification documents, access devices, counterfeit currency, malware, hacking tools, and other digital services. Categories on the site included drugs, fraud, digital items, services, and software and malware.

Authorities also allege Schmitz played a central role in operating the platform, handling day-to-day management tasks such as responding to user support requests, reviewing vendor applications, and resolving disputes between buyers and sellers. He also reportedly recruited and supervised staff, promoted the marketplace, recruited vendors, and helped develop strategies to increase profits. According to court documents, he received a share of the proceeds, with cryptocurrency wallets linked to him handling transactions worth millions of dollars.

Schmitz was arrested in Colombia in June 2024 following a U.S. provisional arrest request. He was extradited to the United States on April 29 and made his initial court appearance and arraignment earlier today. He has been ordered detained pending trial.

He is charged with multiple offenses, including engaging in a continuing criminal enterprise, narcotics conspiracy, conspiracy to import controlled substances, distribution of controlled substances via the internet, use of a communications facility, conspiracy to commit access device fraud, conspiracy to unlawfully transfer identification documents, and money laundering conspiracy. The charges carry potential penalties ranging from years in prison to life imprisonment.

Prosecutors emphasized that an indictment is an allegation and that all defendants are presumed innocent unless proven guilty in court.

U.S. Cybersecurity Professionals Sentenced to Prison for Role in ALPHV BlackCat Ransomware Attacks

Two American cybersecurity professionals have been sentenced to four years in federal prison for their roles in a ransomware conspiracy that targeted victims across the United States using the ALPHV BlackCat malware, authorities said.

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were sentenced after pleading guilty to conspiracy to obstruct, delay, or affect commerce through extortion in connection with ransomware attacks carried out in 2023. A third co-conspirator, Angelo Martino, 41, of Florida, previously pleaded guilty and is scheduled to be sentenced in July.

According to court records, Goldberg, Martin, and Martino worked with administrators of the ALPHV BlackCat ransomware group between April and December 2023, deploying the malware against multiple victims across the United States. Prosecutors said the men agreed to pay the ransomware group a 20% share of any extortion proceeds in exchange for access to the malware and its extortion infrastructure.

Authorities said the three men successfully extorted at least one victim for approximately $1.2 million in Bitcoin. The proceeds were split among them and laundered through various methods.

Court documents state that ALPHV BlackCat operated as a ransomware-as-a-service network, in which developers created and maintained the malware and affiliates carried out attacks on targeted victims. The group is believed to have targeted more than 1,000 victims worldwide. After payments were made, ransom proceeds were shared between developers and affiliates.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division shared, “They harmed important firms who were providing medical and engineering services. They played hardball with them, going so far as to cause the leak of patient data from a doctor’s office victim. They also split the ransoms they were paid, and laundered the illicit proceeds. These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed. Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others.”
“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information. Today’s sentence of four years reflects not only the scale of this scheme, but the real harm inflicted on businesses, employees, and victims whose private information was weaponized for profit. In this District, cybercriminals will face federal prison and forfeit the proceeds of their crimes.”

Officials said the defendants used their professional backgrounds in cybersecurity to carry out the attacks, targeting businesses and organizations in the United States. In some cases, victims included medical and engineering service providers. Prosecutors said stolen data from a doctor’s office victim was also leaked during the extortion process.

The FBI said the investigation showed ransomware activity can be carried out by individuals operating within the United States. Officials said Goldberg attempted to flee abroad, but was tracked by the FBI across 10 countries before prosecution proceeded.

The case follows earlier Justice Department actions against ALPHV BlackCat in December 2023, when the FBI developed a decryption tool used to help victims recover systems and avoid an estimated $99 million in ransom payments. At that time, several websites associated with the group were also seized.

Goldberg and Martin pleaded guilty in December 2025. Martino pleaded guilty in April 2026 and faces sentencing in July. Authorities said Martino also used his role as a ransomware negotiator to share confidential victim information with attackers, increasing ransom demands.