In the ransomware sentencing, DOJ said stolen children’s health information was used to extort victims. Prosecutors linked the conduct to a broader Russian extortion operation targeting 54+ companies.

Alongside allegations of widespread ransomware theft and extortion, DOJ said the defendant helped a Russian ransomware organization use extremely sensitive personal data to increase extortion pressure. Prosecutors stated that the group stole information from victims and then used the stolen material to demand payment, describing the operation as more than encryption-based disruption. DOJ specifically alleged that stolen children’s health information was used as leverage during the extortion process. This points to a common escalation pattern in modern ransomware cases: rather than relying solely on downtime, attackers seek additional leverage by threatening disclosure or coercing victims with the most damaging data they can steal. The sentencing also referenced the group’s broader scope, including extortion of over 54 companies and profits derived from hacks. DOJ described involvement that helped the organization profit from attacks, including incidents where services such as a government entity’s 911 system were reportedly forced offline. By emphasizing children’s health data, the case illustrates the real-world harms that can extend beyond financial losses and disrupt medical privacy and care obligations. The ruling signals that prosecutors view data theft plus extortion tactics as central to criminal liability, especially where vulnerable information is targeted to drive payment compliance.