Fraud Management & Cybercrime
,
Ransomware
,
Standards, Regulations & Compliance
Treasury Links Russian Bulletproof Host Network to Prolific Ransomware Operations
The U.S., Australia and the United Kingdom sanctioned a Russian bulletproof hosting network accused of propping up major ransomware groups – a coordinated strike coming the same day international cyber agencies released guidance aimed at dismantling the infrastructure that keeps those operations alive.
See Also: VMware Carbon Black App Control
The U.S. Department of Treasury announced Wednesday sanctions targeting Media Land, a St. Petersburg-based bulletproof hosting provider that offers cybercriminals an online presence designed to evade law enforcement detection. Treasury said Media Land backs those operations through a network of companies and executives located in Russia, Serbia and Uzbekistan. The move coincides with new international guidance urging internet service providers and infrastructure operators to tighten know-your-customer checks, filter malicious resources and strengthen abuse reporting to weaken the infrastructure ransomware actors rely on to stay hidden.
“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” U.S. Under Secretary for Terrorism and Financial Intelligence John Hurley said. Treasury described Media Land as a “key launching pad for ransomware” and said the organization and its sister companies provided troubleshooting, payment handling and operational support to criminal marketplaces and prolific ransomware actors including LockBit, BlackSuit and Play.
U.S. officials also sanctioned Media Land’s leadership, including general director Aleksandr Volosovik and employee Kirill Zatolokin, accusing them of advertising the service on criminal forums and coordinating infrastructure for distributed denial-of-service and ransomware campaigns. The sanctions target Volosovik associate Yulia Pankova, who allegedly managed finances and legal issues tied to the illicit hosting business.
The sanctions extend to entities linked to Media Land, such as ML Cloud, Media Land Technology and Data Center Kirishi, which Treasury said operate as extensions of the platform’s cybercrime services. Treasury also paired the Media Land sanctions with new penalties on Hypercore, a front company used by Aeza Group, another bulletproof hosting provider sanctioned earlier this year.
This is a breaking news story and will be updated.
