BusinessCybersecurityNewswireTechnologyWhat's Buzzing

US Charges Operators of Russian Bulletproof Hosting Service

▼ Summary

– U.S. federal prosecutors unsealed charges against three Russians for providing bulletproof hosting services to ransomware gangs, causing over $62 million in damages.
– The bulletproof hosting services, Media Land and ML.Cloud, offered infrastructure in multiple countries including China, Finland, the Netherlands, and the U.S.
– Aleksandr Volosovik owned Media Land, Yulia Pankova owned ML.Cloud, and Kirill Zatolokin collected customer payments.
– The U.S. State Department is offering up to $10 million for information on these actors or their foreign government-linked associates.
– The U.S., UK, and Australia previously sanctioned the defendants and companies for supporting ransomware operations like Lockbit, Blacksuit, and Play, including DDoS attacks on U.S. critical infrastructure.

Federal prosecutors in the United States have formally charged three Russian nationals for operating a bulletproof hosting service that enabled ransomware syndicates to inflict more than $62 million in damages on victims across the globe. The indictment, unsealed this week, reveals a sophisticated operation designed to shield cybercriminals from takedown efforts.

These bulletproof hosting (BPH) providers lease server space specifically to support malicious activities, including malware distribution, command-and-control infrastructure, phishing campaigns, and hosting illicit content. Their key selling point is a promise to ignore victim complaints and law enforcement takedown requests, effectively rendering their services immune to disruption.

The two companies at the center of the case, Media Land and ML. Cloud, operated server infrastructure across multiple jurisdictions, including China, Finland, the Netherlands, and the United States. This global footprint made it especially difficult for authorities to dismantle their operations.

According to court documents, Aleksandr Volosovik, known on cybercrime forums as “Yalishanda,” owned Media Land. Yulia Pankova owned ML. Cloud and handled legal and financial matters, while Kirill Zatolokin managed customer payments. The U. S. Department of State has now offered a reward of up to $10 million through its Rewards for Justice program for information on foreign government-linked associates tied to these individuals or their malicious cyber activities.

The United States, United Kingdom, and Australia had already sanctioned all three defendants and both companies in November, citing their role in providing attack infrastructure and technical support to ransomware groups such as Lockbit, Blacksuit, and Play. The Treasury Department’s Office of Foreign Assets Control (OFAC) noted at the time that Media Land’s servers were used to launch distributed denial-of-service (DDoS) attacks against American companies and critical infrastructure, including telecommunications systems.

“Victims in this case span not just Ohio but 20 other states, touching every aspect of American life: banks, schools, government agencies, hospitals, and media companies,” said U. S. Attorney David M. Toepfer. “Together with our international partners, we will aggressively pursue those who hide behind computers anywhere in the world to profit and wreak havoc on the infrastructure that supports our communities.”

This week, the Council of the European Union also imposed sanctions on Media Land, ML. Cloud, and Alexander Volosovik as part of the first joint cyber sanctions package coordinated with the United Kingdom against Russia.

(Source: BleepingComputer)

Topics

bulletproof hosting 95% ransomware gangs 93% russian nationals 91% cybercrime indictment 90% financial damages 88% international sanctions 87% rewards for justice 85% malware infrastructure 84% ddos attacks 82% law enforcement action 81%