Home > Security > Security News

Russian Mario Kart Manager Sentenced for Botnet Ransomware Attacks on Over 70 US Corporations

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Two men in prison
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Prison sentence issued: A Russian cybercriminal was sentenced to 24 months in prison and fined $1.6 million for managing a massive malicious botnet.
  • Botnet ransomware attacks: The Mario Kart cybercriminal group sold compromised network access to threat actors, enabling extensive corporate extortion schemes.
  • Massive financial impact: The FBI cyber task force linked the network to ransomware infections at over 70 U.S. corporations, resulting in $14 million in losses.

A Russian national who managed Mario Kart was sentenced to 24 months in prison by a U.S. District Court. Ilya Angelov, 40, pled guilty to managing a sophisticated botnet network of compromised computers that facilitated devastating ransomware attacks against several dozen American businesses.

Between 2017 and 2021, Angelov, who went by the aliases “milan” and “okart,” co-managed a Russia-based cybercriminal syndicate designated by the FBI as Mario Kart (also known as TA-551, Shathak, GOLD CABIN, Monster Libra, ATK236, and G0127), according to court records.

Executing the Network Compromise

The Mario Kart group built its illicit network through a massive spam email campaign that could send 700,000 emails a day, distributing malware-infected attachments to compromise devices, possibly approximately 3,000 computers per day. 

The operators monetized the botnet by selling direct access to these infected nodes to secondary cybercriminal gangs. These purchasing groups utilized the access to execute ransomware attacks, encrypting victim networks and demanding payments for network decryption keys.

Investigations led by the FBI cyber task force revealed that a ransomware organization linked to the Mario Kart botnet successfully extorted over $14 million from more than 70 U.S. corporations. Another threat group paid Angelov's syndicate over $1 million for access.

Cybercrime Prosecution

In the Mario Kart prosecution case, in addition to the 2-year prison term, the judge imposed a $100,000 fine and entered a $1.6 million money judgment against the defendant.

Foreign cybercriminals like this defendant target American citizens and corporations. Their methods grow in sophistication. But their motive remains the same – to rip off and harm us,” said U.S. Attorney Gorgon.

Earlier this month, a Russian Phobos Ransomware admin pleaded guilty to wire fraud conspiracy 

Add a Comment
Related
Palo Alto Networks Phishing Scam Targets Professionals
Poland Cyberattacks Surged in 2025, Suspected Pro-Russian Actors Targeted Critical Infrastructure
Alleged OVHcloud Data Breach Exposes Millions of Customers and Server Infrastructure
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware
Most Popular
Palo Alto Networks Phishing Scam Targets Professionals
Poland Cyberattacks Surged in 2025, Suspected Pro-Russian Actors Targeted Critical Infrastructure
Alleged OVHcloud Data Breach Exposes Millions of Customers and Server Infrastructure
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware
Palo Alto Networks Phishing Scam Targets Professionals
Poland Cyberattacks Surged in 2025, Suspected Pro-Russian Actors Targeted Critical Infrastructure
Alleged OVHcloud Data Breach Exposes Millions of Customers and Server Infrastructure
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware

Most Popular
Palo Alto Networks Phishing Scam Targets Professionals
Poland Cyberattacks Surged in 2025, Suspected Pro-Russian Actors Targeted Critical Infrastructure
Alleged OVHcloud Data Breach Exposes Millions of Customers and Server Infrastructure
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware
Palo Alto Networks Phishing Scam Targets Professionals
Poland Cyberattacks Surged in 2025, Suspected Pro-Russian Actors Targeted Critical Infrastructure
Alleged OVHcloud Data Breach Exposes Millions of Customers and Server Infrastructure
FriendlyDealer Scam Mimics App Stores to Push Gambling Platforms, Some Impersonate Mr. Beast Affiliations
Resolv DeFi Breach Results in $24.5 Million Theft and Minting of $80 Million of Uncollateralized USR
DarkSword iPhone Exploit Kit Newer Version Leaks on GitHub, Exposing iOS Users to Spyware

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: