Russian Hacker Sentenced to 2 Years for TA551 Botnet Ransomware Attacks

A Russian cybercriminal has been sentenced in the United States for his involvement in operating a botnet that played a key role in launching ransomware attacks against multiple organizations.

Authorities confirmed that Ilya Angelov, aged 40 and originally from Tolyatti, received a two-year prison sentence along with a $100,000 fine. He was known online by aliases such as “milan” and “okart.”

Botnet Operations and Criminal Activities

Investigations revealed that Angelov co-led a cybercrime group identified as TA551, which remained active between 2017 and 2021. The group specialized in building large networks of compromised computers, commonly referred to as botnets.

These botnets were built through malicious spam campaigns in which victims unknowingly opened malware-laced attachments. Once infected, the devices became part of a controlled network that could be used for further attacks or sold to other threat actors.

Monetization Through Ransomware Access

Rather than directly executing all attacks, the group primarily profited by selling access to these compromised machines. This access was later used by ransomware gangs to infiltrate corporate networks and encrypt sensitive data.

One major collaboration involved the BitPaymer ransomware group, which used TA551’s botnet infrastructure to target dozens of U.S. companies. These attacks resulted in ransom payments exceeding $14 million.

Additionally, operators behind the IcedID malware reportedly paid substantial sums to leverage the botnet for distributing their payloads.

Advanced Malware Distribution Techniques

The group continuously refined its attack methods to bypass modern security defenses. Their campaigns typically relied on phishing emails containing password-protected archives. Once opened, these files deployed a chain of malware, including loaders such as MOUSEISLAND and PHOTOLOADER, ultimately leading to ransomware infections.
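As an added defensive illustration (not part of the original article): one check a mail gateway can apply to the technique described above is to flag archive attachments whose ZIP header marks the contents as encrypted, since inline scanners cannot inspect them. The sample mail and archive below are constructed inline; the sender, recipient and file names are placeholders.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_LOCAL_HEADER_SIG = b"PK\x03\x04"


def zip_is_encrypted(blob: bytes) -> bool:
    """True if the first ZIP local file header has the 'encrypted' flag (bit 0) set."""
    if not blob.startswith(ZIP_LOCAL_HEADER_SIG) or len(blob) < 8:
        return False
    # Local file header layout: signature(4) version(2) general-purpose flags(2) ...
    (flags,) = struct.unpack_from("<H", blob, 6)
    return bool(flags & 0x0001)


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed sample archive; the 'encrypted' variant only has the flag bit patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0421.doc", b"placeholder bytes, not a real document")
    data = bytearray(buf.getvalue())
    if encrypted:
        (flags,) = struct.unpack_from("<H", data, 6)
        struct.pack_into("<H", data, 6, flags | 0x0001)
    return bytes(data)


def build_sample_mail(attachment: bytes) -> bytes:
    """Constructed phishing-style message with a ZIP attachment (placeholder addresses)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "ap@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please open the attached invoice. Archive password: 1234")
    msg.add_attachment(attachment, maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def find_encrypted_archives(raw_mail: bytes) -> list:
    """Return the file names of encrypted ZIP attachments, which gateway AV cannot open."""
    msg = message_from_bytes(raw_mail, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if zip_is_encrypted(payload):
            hits.append(part.get_filename() or "<unnamed>")
    return hits
```

A gateway rule built on this would quarantine or sandbox-detonate the message rather than deliver it, and the same header check extends to nested archives once the outer layer is unpacked.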

Collaboration With Other Cybercrime Groups

Over time, TA551 expanded its operations by partnering with various cybercriminal organizations. It played a role in distributing multiple ransomware families, including Conti ransomware, often working alongside other major malware networks.

These partnerships allowed the group to maintain a steady stream of illicit revenue while increasing the scale and impact of its attacks.

Law Enforcement Response

U.S. officials emphasized that international cybercriminals continue to target businesses and critical infrastructure. Despite increasing sophistication in attack techniques, authorities remain committed to identifying and prosecuting those responsible.

The case highlights the growing importance of disrupting botnet infrastructures and cutting off access brokers who act as enablers for large-scale ransomware operations.
