Yanluowang ransomware access broker gets 81 months in prison

Divergent

Jul 26, 2025
A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks.

As 26-year-old Aleksey Olegovich Volkov (also known online as "chubaka.kor" and "nets") admitted in his November guilty plea, he targeted at least eight companies across the United States between July 2021 and November 2022.

This case is a useful reminder that initial access brokers are a critical part of the ransomware ecosystem, even when they are not the ones deploying the final payload.

Why this matters

  • An IAB typically focuses on obtaining and selling access to compromised networks.
  • That access can come from stolen credentials, exploited remote services, phishing, or other intrusion methods.
  • Ransomware groups often specialize, so one actor gains access and another handles lateral movement, data theft, and encryption.

That division of labor is one reason ransomware operations have been so persistent. It lowers the barrier for criminals who do not need to perform every stage of the attack themselves.

Security takeaway for defenders

In practical terms, this highlights the importance of reducing the chances of initial access in the first place:

  • Use MFA wherever possible, especially for VPN, RDP, email, and admin portals.
  • Disable or restrict exposed RDP and other remote management services from the public internet.
  • Patch internet-facing systems quickly, particularly VPN appliances, firewalls, and remote access software.
  • Monitor for unusual logins, impossible travel, credential abuse, and creation of new privileged accounts.
  • Segment networks so one compromised account does not automatically expose everything else.
  • Keep offline or otherwise protected backups, since preventing access abuse is not always enough.

Broader point

Law-enforcement action against access brokers is significant because it targets a key upstream role in the attack chain. Even so, arrests and sentencing alone do not solve the problem, because the broader criminal market for access, credentials, and exploit services is still active.

The main takeaway is that organizations should treat exposed remote access and credential theft as high-priority risks, because those are often the entry points that make later ransomware deployment possible.

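The monitoring item in the defender checklist above (unusual logins, impossible travel) is the one most often left as a slogan, so here is a concrete version. This is an added example written for this thread, not code from the original post or from any source it cites. The log line format, the geo-IP coordinates, the RFC 5737 documentation-range IPs, the 900 km/h plausibility threshold and the 50 km minimum-distance filter are all assumptions chosen for illustration; the detection idea is the standard one of comparing each login with the same account's previous login and asking whether a human could have travelled that far in that time.

```python
"""Impossible-travel check over login events.

Added example for this thread, not code from the original post. The log
format, the geo-IP coordinates, the RFC 5737 documentation IPs and the
speed/distance thresholds are all constructed assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Iterable, List, Optional

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumed: roughly airliner speed; tune per environment
MIN_DISTANCE_KM = 50.0      # assumed: ignore geo-IP jitter inside one metro area


@dataclass(frozen=True)
class Login:
    ts: datetime
    user: str
    service: str   # e.g. vpn, rdp, mail, admin
    src_ip: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_login(line: str) -> Login:
    """Parse one constructed log line:
    <ISO-8601 timestamp> <user> <service> <src_ip> <lat> <lon>"""
    ts, user, service, src_ip, lat, lon = line.split()
    return Login(datetime.fromisoformat(ts), user, service, src_ip,
                 float(lat), float(lon))


def impossible_travel(logins: Iterable[Login],
                      max_kmh: float = MAX_PLAUSIBLE_KMH,
                      min_km: float = MIN_DISTANCE_KM) -> List[dict]:
    """Compare each login with the same user's previous login and flag pairs
    whose implied travel speed exceeds max_kmh. Returns one alert dict per
    flagged pair, in chronological order."""
    alerts: List[dict] = []
    last_seen: Dict[str, Login] = {}
    for cur in sorted(logins, key=lambda l: l.ts):
        prev: Optional[Login] = last_seen.get(cur.user)
        last_seen[cur.user] = cur
        if prev is None:
            continue
        dist_km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        if dist_km < min_km:
            continue  # same area; not a travel event
        hours = (cur.ts - prev.ts).total_seconds() / 3600.0
        # Two distant logins at the same instant are also impossible.
        speed = float("inf") if hours <= 0 else dist_km / hours
        if speed > max_kmh:
            alerts.append({
                "user": cur.user,
                "from": (prev.service, prev.src_ip),
                "to": (cur.service, cur.src_ip),
                "distance_km": round(dist_km, 1),
                "implied_kmh": round(speed, 1),
            })
    return alerts


# Constructed sample events (not real traffic). alice: VPN from New York,
# then RDP from Moscow 45 minutes later; bob: New York, then Boston five
# hours later, which is an ordinary commute.
SAMPLE_LOG = """\
2024-03-01T08:00:00+00:00 bob vpn 203.0.113.10 40.7128 -74.0060
2024-03-01T09:00:00+00:00 alice vpn 203.0.113.25 40.7128 -74.0060
2024-03-01T09:45:00+00:00 alice rdp 198.51.100.7 55.7558 37.6173
2024-03-01T13:00:00+00:00 bob mail 203.0.113.11 42.3601 -71.0589
"""


def detect(log_text: str) -> List[dict]:
    """Parse raw log text and return impossible-travel alerts."""
    logins = [parse_login(l) for l in log_text.splitlines() if l.strip()]
    return impossible_travel(logins)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Running it flags only alice: roughly 7,500 km between her two logins in 45 minutes is about 10,000 km/h, while bob's 300 km in five hours passes. The minimum-distance filter matters in practice because geo-IP databases place a single ISP's addresses some kilometres apart, and without it every mobile-to-wifi switch would alert. In a real deployment the second login of a flagged pair (here an RDP session from a new IP) is exactly the kind of event an access broker's first use of stolen VPN credentials would produce, so it is worth routing to a high-priority queue rather than a daily digest.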
It's incredible how this market works: one person sells the access and another does the damage. Sometimes we get obsessed with having the best antimalware in the world, but this case reminds us that security starts much earlier—by protecting our accounts and logins. It doesn't matter if you double-lock the door if the broker has already sold your key! ☣️🚪🗝️