VulnHub

Real-time Cybersecurity News

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

The Hacker News
RansomwareExploitBotnet

Overview

Ilya Angelov, a 40-year-old Russian man, has been sentenced to two years in prison for his role in managing a botnet that facilitated ransomware attacks targeting U.S. companies. The botnet, associated with a cybercriminal group known as TA551, was used to deploy malicious software that locked users out of their systems until a ransom was paid. In addition to his prison sentence, Angelov was fined $100,000. This case underscores the ongoing challenges posed by international cybercrime, particularly how individuals can exploit technology to harm businesses and individuals across borders. The sentencing aims to deter similar cybercriminal activities and demonstrates law enforcement's commitment to addressing ransomware threats.

Key Takeaways

  • Affected Systems: U.S. companies affected by ransomware attacks from the TA551 botnet.
  • Action Required: Companies should enhance their cybersecurity measures, including regular data backups, employee training on phishing scams, and implementing robust security protocols to prevent ransomware infections.
  • Timeline: Ongoing since at least 2020

Original Article Summary

The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka

Impact

U.S. companies affected by ransomware attacks from the TA551 botnet.

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Ongoing since at least 2020

Remediation

Companies should enhance their cybersecurity measures, including regular data backups, employee training on phishing scams, and implementing robust security protocols to prevent ransomware infections.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit, Botnet.

Read Original Article

Related Coverage

New Torg Grabber infostealer malware targets 728 crypto wallets

BleepingComputer

A new type of malware called Torg Grabber is targeting users by stealing sensitive information from around 850 browser extensions, with over 700 specifically linked to cryptocurrency wallets. This malware is designed to capture private keys, passwords, and other critical data, posing a significant risk to individuals who manage their digital assets online. The widespread nature of this attack means that many popular wallet extensions could be compromised, leaving users vulnerable to financial theft. Researchers are urging users to be cautious about which extensions they install and to regularly update their security practices. This incident highlights the ongoing challenges in keeping digital assets safe from evolving cyber threats.

Mar 25, 2026

Blame Game: Why Public Cyber Attribution Carries Risks

darkreading

The article discusses the complexities and potential risks associated with publicly attributing cyberattacks to specific entities. It emphasizes that organizations should carefully weigh the consequences of making such accusations, as it can lead to diplomatic tensions, retaliation, or even misdirected blame. The authors argue that while public attribution can help raise awareness about threats, it also carries the risk of escalating conflicts or damaging reputations without solid evidence. Companies must consider the potential fallout before announcing their findings, especially in an environment where cyber warfare is increasingly common. Overall, the piece serves as a cautionary note for organizations navigating the challenging waters of cyber incident attribution.

Mar 25, 2026

5 telltale signs that your phone has been compromised (and how to combat them)

Latest news

The article outlines five key signs that your smartphone may have been compromised. These signs include unusual battery drain, unexpected data usage, unfamiliar apps, strange text messages, and poor performance. It advises users to be vigilant for these indicators and provides secret codes that can help diagnose potential issues. Recognizing these signs early can help users take action to secure their devices and protect personal information. Understanding how to spot a compromised phone is crucial in today’s digital landscape, where cyber threats are increasingly common.

Mar 25, 2026

Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam

darkreading

Phishing scammers have been impersonating recruiters from Palo Alto Networks to trick job seekers since August. These fraudsters have used psychological tactics and personal information gleaned from LinkedIn profiles to create convincing fake job offers. Victims are often led to believe they are in the running for legitimate positions, only to be scammed out of money or personal information. This ongoing scheme not only targets job seekers but also potentially damages the reputation of the real company. It's crucial for job candidates to verify the authenticity of job offers and be cautious when sharing personal details online.

Mar 25, 2026

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

Security Affairs

TP-Link has addressed a significant security vulnerability in its Archer NX router series, identified as CVE-2025-15517, which has a CVSS score of 8.6. This flaw allows attackers to bypass authentication measures, potentially enabling them to install malicious firmware on affected devices. The vulnerability affects several models, including the Archer NX200, NX210, and NX500, among others. Users of these routers are urged to update their firmware promptly to protect against potential exploits. This incident is particularly concerning as it highlights the risks associated with consumer-grade networking equipment, which often lacks robust security measures.

Mar 25, 2026

SANS: Top 5 Most Dangerous New Attack Techniques to Watch

darkreading

The SANS Institute has identified five new attack techniques that all utilize artificial intelligence. These techniques pose significant risks as they can automate and enhance cyber attacks, making them more effective and harder to detect. Organizations across various sectors should be aware of these emerging threats, as they could lead to data breaches, system compromises, and other serious security incidents. The report emphasizes the need for companies to adapt their security measures and stay informed about advancements in AI that could be exploited by attackers. As AI continues to evolve, it is crucial for cybersecurity professionals to understand these techniques to better protect their systems.

Mar 25, 2026