The U.S. Treasury Department, in collaboration with officials from Australia and the U.K., has sanctioned Zservers, a Russian bulletproof hosting service, for its role in facilitating ransomware attacks by the LockBit hacking group. Zservers, based in Barnaul, Russia, offered cybercriminals services such as IP addresses, servers, and domains, which were used for malware distribution, botnet operations, and other cybercrime-related activities. The service is implicated in multiple ransomware attacks, including a 2023 attack on the Industrial Commercial Bank of China, where LockBit affiliates leased IP addresses from Zservers to carry out the attack.
Alongside the sanctions against Zservers, U.S. authorities also targeted key individuals, including administrators Alexander Mishin and Aleksandr Bolshakov. Mishin was involved in advertising Zservers’ services and managing cryptocurrency payments, while Bolshakov played a role in addressing complaints from cybercriminals regarding misuse of the service. The sanctions are part of a broader effort by international authorities to disrupt ransomware actors and the infrastructure supporting them. In addition to Zservers, the U.K. also sanctioned several members associated with the hosting service.
The U.S. and its partners have made significant efforts to combat ransomware attacks by targeting the infrastructure used by cybercriminals, such as bulletproof hosting services. Zservers is seen as a critical player in this ecosystem, providing cybercriminals with the tools needed to launch attacks on international critical infrastructure. These sanctions are an indication of the growing cooperation among global law enforcement agencies to tackle the complex and evolving cybercrime landscape, with a particular focus on the role of technology providers who enable such attacks.
The move against Zservers highlights the increasing focus on disrupting cybercrime at all levels, from the ransomware actors themselves to the services that support their operations. This coordinated action aims to reduce the capacity of ransomware groups to execute large-scale attacks, which have caused significant damage to both private and public sector entities worldwide. The international nature of these sanctions reflects a collective determination to address the growing cybersecurity threats posed by state-sponsored and independent cybercriminal groups alike.