Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks The Hacker NewsMar 25, 2026Cybercrime / Ransomware The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka ATK236, G0127, Gold Cabin, Hive0106, Mario Kart, Monster Libra, and Shathak) between 2017 and 2021. "Angelov's group built a network of compromised computers (a 'botnet') through distribution of malware-infected files attached to spam emails," the DoJ said. "Angelov and his co-manager then monetized this botnet by selling access to individual compromised computers ('bots')." According to the sentencing memorandum, the threat group developed programs to distribute spam email and refined malware to bypass security tools. Angelov and his co-manager recruited members and oversaw the various activities. Chief among its tools was a backdoor through which malicious software could be uploaded to the victim's computers. The main goal of the attacks was to resell the access to other criminal groups, who leveraged it for ransomware extortion schemes. Between August 2018 and December 2019, TA551 provided the BitPaymer ransomware group with access to its botnet, allowing the e-crime gang to infect 72 U.S. corporations. This resulted in more than $14.17 million in extortion payments. The operators of the IcedID malware also paid Angelov's group over a million dollars to acquire access to the botnet in late 2019 or early 2020 and distribute ransomware, although the extent of the damage is currently not known. It's suspected that this partnership blossomed after the disruption of the BitPaymer group. The collaboration lasted until about August 2021, per the U.S. Federal Bureau of Investigation (FBI). In November 2021, Cybereason revealed that the operators of the TrickBot trojan were teaming up with TA551 to distribute Conti Ransomware. That same month, France's Computer Emergency Response Team (CERT-FR) also disclosed that the Lockean ransomware gang was using distribution services offered by TA551 following the law enforcement takedown of the Emotet botnet at the start of 2021. "Foreigner cybercriminals like this defendant target American citizens and corporations," U.S. Attorney Jerome F. Gorgon Jr. said in a statement. "Their methods grow in sophistication. But their motive remains the same – to rip-off and harm us." The development comes a day after the DoJ announced that another Russian national, a 26-year-old Aleksei Olegovich Volkov (aka "chubaka.kor" and "nets"), was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks targeting eight companies in the U.S. between July 2021 and November 2022. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  botnet, Cybercrime, cybersecurity, data breach, FBI, law enforcement, Malware, Phishing, ransomware, Threat Intelligence Trending News ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Load More ▼ Popular Resources Get the 2026 ASV Report to Benchmark Top Validation Tools Fix Security Noise by Focusing Only on Validated Exposures Guide - Discover How to Validate AI Risks With Adversarial Testing Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA