The US, UK, and Australia have imposed sanctions on Zservers, a bulletproof hosting (BPH) provider used by the LockBit ransomware operation. The sanctions also target six individuals associated with the company. Zservers provided BPH services to LockBit affiliates, enabling them to launch ransomware attacks. The move aims to disrupt the ransomware ecosystem and protect critical infrastructure.
One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of its key allies. Headquartered in Barnaul, Russia, Zservers provided BPH services to a number of LockBit affiliates, the three nations said today. On numerous occasions, affiliates purchased servers from the company to support ransomware attacks.
The trio said the link between Zservers and LockBit was established as early as 2022, when Canadian law enforcement searched a known LockBit affiliate and found evidence they had purchased infrastructure tooling almost certainly used to host chatrooms with ransomware victims. \'Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure,' said Bradley T Smith, acting under secretary of the Treasury for terrorism and financial intelligence. 'Today's trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.' The UK's Foreign, Commonwealth & Development Office (FCDO) said additionally that the UK front company for Zservers, XHOST Internet Solutions, was also included in its sanctions list. According to Companies House, the UK arm was incorporated on January 31, 2022, although the original service was established in 2011 and operated in both Russia and the Netherlands. Anyone found to have business dealings with either entity can face criminal and civil charges under the Sanctions and Anti-Money Laundering Act 2018.\Foreign Secretary David Lammy said:'Putin has built a corrupt mafia state driven by greed and ruthlessness. It is no surprise that the most unscrupulous extortionists and cybercriminals run rampant from within his borders. 'This government will continue to work with partners to constrain the Kremlin and the impact of Russia's lawless cyber underworld. We must counter their actions at every opportunity to safeguard the UK's national security and deliver on our Plan for Change.' Bulletproof hosting services more generally are used in other types of cybercrime, such as child exploitation, misinformation, and hate speech, as well asBPH providers operate just like normal hosting services but market themselves as ultra-secure alternatives that can't be touched by law enforcement, making them ideal for groups who want to ensure legal warrants won't bring their servers down. They also claim to offer additional benefits such as the anonymization of locations, identities, and activities. Disrupting them can in turn scupper hundreds or thousands of other criminals in one fell swoop, the FCDO said.The UK led the way with sanctions, placing six individuals and the two entities on its list, while the US only placed two of the individuals – both alleged Zservers admins – on its equivalent.by the US as the operation's heads. Mishin was said to have marketed Zservers to LockBit and other ransomware groups, managing the associated cryptocurrency transactions. Both he and Bolshakov responded to a complaint from a Lebanese company in 2023 and shut down an IP address used in a LockBit attack. The US said, however, it was possible that the pair set up a replacement IP address that\The UK further sanctioned Ilya Vladimirovich Sidorov, Dmitry Konstantinovich Bolshakov (no mention of whether he is any relation to Aleksandr), Igor Vladimirovich Odintsov, and Vladimir Vladimirovich Ananev. Other than that they were Zservers employees and thus were directly or indirectly involved in attempting to inflict economic loss to the country, not much was said about either of their roles. ®Ransomware scum make it personal for Reg readers by impersonating tech support18Ransomware attack at New York blood services provider – donors turned away during shortage crisi
Ransomware Lockbit Bulletproof Hosting Sanctions Cybersecurity Cybercrime
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Russia-Based Bulletproof Hosting Provider Sanctioned for Supporting LockBit RansomwareZservers, a Russian provider of bulletproof hosting (BPH) services, has been sanctioned by the US, UK, and Australia for aiding the LockBit ransomware operation. The sanctions target Zservers and six individuals allegedly involved in its operation, including those who marketed the service to ransomware groups and facilitated transactions.
Read more »
Russia-Based Bulletproof Hosting Provider Sanctioned for Supporting LockBit RansomwareZservers, a Russian provider of bulletproof hosting (BPH) services, has been sanctioned by the US, UK, and Australia for aiding the LockBit ransomware operation. The sanctions target Zservers and six individuals allegedly involved in its operation, including those who marketed the service to ransomware groups and facilitated transactions.
Read more »
CDNs: Great for speeding up the internet, bad for location privacyAlso, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more
Read more »
Gazprom considers record job cuts as Ukraine war ravages financesRussian energy group hit by plummet in European gas sales and oil sanctions, putting 1,600 jobs on line
Read more »
Chinese Crude Oil Imports From Russia Rose to a Record High in 2024China's crude oil imports from Russia hit a record high in 2024, while imports from Saudi Arabia declined, reflecting a shift in China's sourcing strategy amid geopolitical tensions and sanctions.
Read more »
Russia's 'Shadow Fleet' of Ships Used to Circumvent Sanctions and Damage Maritime InfrastructureExperts warn that Russia's 'shadow fleet' of ships, used to circumvent Western sanctions by selling oil indirectly to the EU and UK, is increasingly being used for acts of sabotage and poses a growing risk to maritime security.
Read more »