U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
A consortium of U.S., Australian and U.K. officials announced coordinated sanctions Tuesday against Zservers, a Russia-based bulletproof hosting provider. The action targets the company for its role in facilitating ransomware attacks, most notably those conducted by the LockBit ransomware-as-a-service (RaaS) group.
Officials detailed that Zservers has long been linked to cybercriminal forums, where it has advertised services designed to evade law enforcement scrutiny. The hosting provider leases specialized servers and numerous IP addresses to cybercriminals, allowing groups like LockBit to execute ransomware operations with greater anonymity and resilience to disruption.
Sanctions were also issued against two Russian nationals, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, both key administrators at Zservers. Documentation indicates Mishin actively marketed the company’s services to cybercriminals and facilitated virtual currency transactions, while Bolshakov assisted in reassigning IP addresses following complaints related to an alleged ransomware attack. Their actions are seen as complicit in a broader ecosystem that regularly bypasses law enforcement interventions.
The sanctions highlight ongoing international efforts to combat cybercrime and reduce reliance on safe havens that allow cybercriminal groups to operate with impunity. As Russian-based entities continue to serve as hubs for digital illicit activities, officials stress that the measures are aimed at disrupting the financial and technological infrastructure of these criminal networks.
“Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure,” said Bradley T. Smith, acting undersecretary of the Treasury for terrorism and financial intelligence. “Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”
This sanction builds upon similar actions focused on disrupting the LockBit gang. In February of last year, Operation Cronos, led by the FBI and the U.K.’s National Crime Agency, targeted key servers the group used for leaking data, file sharing, and communications. In October, an international law enforcement coalition announced arrests, seizures, and sanctions against LockBit ransomware infrastructure, including four arrests linked to the group. In December, the Department of Justice charged Rostislav Panev, a dual Russian and Israeli national, for his alleged role as a developer in the notorious LockBit ransomware group.
The sanctions will stop Zservers and its managers from using their property or money in the United States, or if it’s held by people in the U.S. The new rules also apply to any businesses owned or controlled by these people. Financial institutions and other groups that do business with these individuals might face penalties if they bypass the restrictions.
