Credential Theft
- GrabChrome
- GrabFF
- KeeThief
- Mimikatz
- NirSoft WebBrowserPassView
Yanluowang is a ransomware strain/group active from at least 2021 through late 2022.
Profile source: Mallory opens in a new tabYanluowang
Yanluowang is a ransomware strain/group active from at least 2021 through late 2022. The content describes it as encrypting victim files and demanding payment, typically in cryptocurrency, while also stealing data and using double-extortion tactics by threatening to publish stolen information on leak sites if victims refused to pay. Reported ransom demands ranged from $300,000 to $15 million. Victims also reported coercive pressure tactics including harassing phone calls and distributed denial-of-service attacks. The group targeted large organizations and multiple U.S. sectors, including banks, telecommunications providers, engineering firms, and other corporate networks, with victims identified across states including Pennsylvania, California, Michigan, Illinois, Georgia, and Ohio. The operation relied in part on initial access brokers, notably Aleksei Olegovich Volkov (alias chubaka.kor), who between July 2021 and November 2022 identified and exploited vulnerabilities, breached corporate networks, and sold access to Yanluowang operators for flat fees and shares of ransom proceeds. Court reporting ties Yanluowang-enabled attacks to at least seven or eight U.S. companies and to more than $9 million in actual losses and over $24 million in intended losses. The content also notes that Symantec first identified the group in October 2021, that it was operational from around August 2021, and that it disbanded in late 2022 after its leak site was hacked and internal chat messages were exposed online. Some reporting cited in the content says the group was thought to be Chinese or was posing as Chinese hackers to obscure its members’ identities.
Ransomware.live
Reported operators
He assisted major cybercrime groups, including the Yanluowang ransomware group, charging up to $1,000 for access to business networks, as well as a percentage of the profits.
Aleksei Olegovich Volkov ... served as the initial access broker for the Yanluowang ransomware group ... The victims ... said ... their data was stolen and encrypted by Yanluowang ransomware operators.
Aleksei Olegovich Volkov ... served as the initial access broker for the Yanluowang ransomware group ... The victims ... said ... their data was stolen and encrypted by Yanluowang ransomware operators.
Reporting
His illicit activities directly enabled major cybercrime syndicates, including the notorious Yanluowang ransomware group, to compromise numerous corporate networks across the United States.
Aleksei Volkov, who helped the Yanluowang ransomware gang breach U.S. companies, received an 81-month prison sentence for his role in attacks that caused millions of dollars in damage.
26-year-old Russian national Aleksey Olegovich Volkov was also sentenced to nearly 7 years in prison this week after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks.
Volkov, also known as “chubaka.kor,” operated as an initial access broker... pleaded guilty in November 2025 to six federal charges stemming from his work with the Yanluowang ransomware group and other cybercriminal organizations between July 2021 and November 2022.
A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang.
He assisted major cybercrime groups, including the Yanluowang ransomware group, charging up to $1,000 for access to business networks, as well as a percentage of the profits.
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations.
Initial Access Broker sentenced to 81 months in prison for enabling Yanluowang ransomware gang
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.