{"id":228008,"date":"2026-03-25T07:52:00","date_gmt":"2026-03-25T11:52:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/25\/russian-hacker-sentenced-to-2-years-for-ta551-botnet-driven-ransomware-attacks\/"},"modified":"2026-03-26T22:15:13","modified_gmt":"2026-03-27T02:15:13","slug":"russian-hacker-sentenced-to-2-years-for-ta551-botnet-driven-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/25\/russian-hacker-sentenced-to-2-years-for-ta551-botnet-driven-ransomware-attacks\/","title":{"rendered":"Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/russian-hacker-sentenced-to-2-years-for.html\">Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/russian-hacker-sentenced-to-2-years-for.html\">https:\/\/thehackernews.com\/2026\/03\/russian-hacker-sentenced-to-2-years-for.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-25 07:52:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">The Hacker News<\/span>\ue802<span class=\"author\">Mar 25, 2026<\/span><\/span><span class=\"p-tags\">Cybercrime \/ Ransomware<\/span><\/p>\n<p>The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies.<\/p>\n<p>Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases &#8220;milan&#8221; and &#8220;okart,&#8221; is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka ATK236, G0127, Gold Cabin, Hive0106, Mario Kart, Monster Libra, Shathak, and UNC2420) between 2017 and 2021.<\/p>\n<p>&#8220;Angelov&#8217;s group built a network of compromised computers (a &#8216;botnet&#8217;) through distribution of malware-infected files attached to spam emails,&#8221; the DoJ said. &#8220;Angelov and his co-manager then monetized this botnet by selling access to individual compromised computers (&#8216;bots&#8217;).&#8221;<\/p>\n<p>According to the sentencing memorandum, the threat group developed programs to distribute spam email and refined malware to bypass security tools. Angelov and his co-manager recruited members and oversaw the various activities. Chief among its tools was a backdoor through which malicious software could be uploaded to the victim&#8217;s computers.<\/p>\n<p>The main goal of the attacks was to resell the access to other criminal groups, who leveraged it for ransomware extortion schemes. Between August 2018 and December 2019, TA551 provided the BitPaymer ransomware group with access to its botnet, allowing the e-crime gang to infect 72 U.S. corporations. This resulted in more than $14.17 million in extortion payments.<\/p>\n<p>The operators of the IcedID malware also paid Angelov&#8217;s group over a million dollars to acquire access to the botnet in late 2019 or early 2020 and distribute ransomware, although the extent of the damage is currently not known. It&#8217;s suspected that this partnership blossomed after the disruption of the BitPaymer group. The collaboration lasted until about August 2021, per the U.S. Federal Bureau of Investigation (FBI).<\/p>\n<p>Based on a report&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/russian-hacker-sentenced-to-2-years-for.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks https:\/\/thehackernews.com\/2026\/03\/russian-hacker-sentenced-to-2-years-for.html Publish Date: 2026-03-25&#8230;<\/p>\n","protected":false},"author":1,"featured_media":228009,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgSFQsR3JgSCA44WGyYmcmFuACIlDkUDxOnRar3b3B-JHXTZq_dxARV6GEM5gvclJQktlfwnU88fV1Gzcr3HO7EJHoeE5kYA262Vv0SlCB6XPuyAiTSas8Iw0Ca5QkvnGaduv0Dt9euHjKn6A6lYWAHkpXPjbBRdmV1piwxsILM8wcfgT6mjtgQeEB4BUk\/s1600\/ransomware-russia.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[35,32],"class_list":["post-228008","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-hacker","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228008"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228008"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228008\/revisions"}],"predecessor-version":[{"id":228010,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228008\/revisions\/228010"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228009"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=228008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228008"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}