US Sentences Russian Cybercriminal Over $14M Ransomware Scheme

A Russian national received a two-year federal prison sentence after admitting he co-managed a malware-infected botnet that facilitated ransomware attacks against dozens of U.S. companies, triggering substantial fines and money judgments tied to millions in extortion payments.

A federal judge sentenced Ilya Angelov, 40, of Tolyatti, Russia, to two years behind bars and ordered a $100,000 fine plus a $1.6 million money judgment. Angelov pleaded guilty to running an operation that controlled infected machines and sold access to them, enabling other criminals to deploy ransomware on corporate networks.

The records show Angelov operated under online names such as “milan” and “okart” while co-managing a Russia-based cybercriminal network that U.S. authorities identified as Mario Kart. Security researchers have labeled the group with several other names, including TA-551, Shathak, GOLD CABIN, Monster Libra, ATK236, and G0127.

The scheme relied on widespread distribution of malware-laden attachments in spam emails to build a botnet of compromised computers. Once machines were infected, Angelov’s crew sold access to individual compromised systems, a model that turned infected endpoints into commodities for ransom operators.

Buyers of that access typically used it to carry out ransomware extortion, locking companies out of their own networks and demanding cryptocurrency payments in exchange for decryption or restored access. Prosecutors say one ransomware campaign tied to the network led to extortion payments exceeding $14 million across more than 70 U.S. companies.

In one instance, another group that deployed ransomware reportedly paid Angelov’s operation over a million dollars simply for the right to use the Mario Kart botnet. The businesslike sale of bots created an ecosystem where multiple criminal actors profited from the same underlying infections.

The financial penalties imposed on Angelov accompany his prison term and reflect both direct and indirect losses from the scheme. The $1.6 million money judgment aims to capture proceeds linked to the criminal enterprise while the fine underscores the court’s punitive response.

Federal officials emphasized the cross-border effort required to hold him accountable, noting the investigation used international cooperation to trace activity and evidence. Dutch and German authorities assisted the FBI Detroit Cyber Task Force, and the Department of Justice’s Office of International Affairs provided critical support.

“Foreigner cybercriminals like this defendant target American citizens and corporations. Their methods grow in sophistication. But their motive remains the same — to rip-off and harm us. We are grateful to the FBI and our other partners for their continued vigilance,” said U.S. Attorney Gorgon.

FBI leadership highlighted the reach of law enforcement and the message the sentence sends to online offenders. “May this sentencing serve as a strong message to cyber criminals who believe they can hide behind screens and false identities: you cannot escape the FBI’s reach. You will be held accountable,” said Special Agent in Charge Jennifer Runyan of the FBI Detroit Field Office. “This successful investigation reflects the FBI’s ongoing commitment to identifying, tracking, and dismantling the criminal networks that financially exploit individuals and U.S. corporations. I would like to thank the FBI Detroit Cyber Task Force for their exceptional work in this investigation and to the U.S. Attorney’s Office for ensuring justice was achieved.”

The case narrative outlines a clear supply chain: malware distribution created infected machines, those machines were sold as access points, and third parties used that access to deploy ransomware. That division of labor allowed each criminal actor to specialize while amplifying the overall damage.

Prosecutors tied the botnet’s reach to dozens of corporate victims in the United States, where response and recovery costs added to the direct extortion losses. Victim companies faced operational disruption, incident response expenses, and potential data exposure on top of ransom payments.

Investigators say the botnet’s operators monetized scale, selling many individual bots to multiple buyers over time. This model turned relatively low-cost malware distribution into a lucrative, repeatable revenue stream for the organizers.

The prosecution team included Assistant United States Attorney Timothy Wyse, who handled the government’s case in federal court. The combined international investigative steps and prosecutorial effort produced the guilty plea and the resulting sentence and financial orders.

By targeting a manager in the botnet’s hierarchy, authorities aimed to disrupt the infrastructure that enabled later-stage ransomware deployments. Charging those who sell access addresses a layer of the criminal ecosystem that too often goes unpunished.

The sentence, fines, and money judgment together represent a multifaceted response intended to penalize wrongdoing and recover criminal proceeds. Officials framed the outcome as evidence that coordinated law enforcement action can reach actors who operate across borders and behind false identities.


The Real Side
