US Indicts Russian Bulletproof Hosting Providers in Cybercrime Allegations
U.S. federal authorities have filed charges against three Russian nationals for allegedly operating bulletproof hosting (BPH) services linked to ransomware operations causing over $62 million in damages.
Charges Against Russian Nationals
The U.S. federal authorities have filed charges against three Russian nationals, alleging their involvement in operating bulletproof hosting (BPH) services that facilitated ransomware operations responsible for over $62 million in global damages. These services provide server infrastructure designed to evade takedown efforts, enabling cybercriminal activities such as malware distribution, command-and-control communications, phishing campaigns, and hosting of illicit content.
Bulletproof Hosting Services
BPH providers typically disregard user complaints and law enforcement requests to remove malicious assets, effectively shielding their clients from disruption. The indictment details the operations of two BPH platforms, Media Land and ML.Cloud, which offered clients server access across multiple jurisdictions, including China, Finland, the Netherlands, and the United States.
Individuals Charged
Aleksandr Volosovik, who used the alias “Yalishanda” on underground forums, is accused of managing Media Land. Yulia Pankova is alleged to have handled financial and legal affairs for ML.Cloud, while Kirill Zatolokin is charged with processing payments from customers.
Reward Initiative for Information
The U.S. Department of State has launched a reward initiative under its Rewards for Justice program, offering up to $10 million for information related to foreign government-linked associates of the accused, their cyber activities, or state-sponsored use of their services. The agency emphasized that tips could lead to financial compensation and relocation assistance for informants.
International Sanctions
In November, the U.S., United Kingdom, and Australia imposed sanctions on the three individuals and two companies for supporting ransomware and cybercrime operations, including Lockbit, Blacksuit, and Play. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) stated that Media Land’s infrastructure was used to execute distributed denial-of-service (DDoS) attacks against U.S. entities, including telecommunications networks.
Impact of Alleged Activities
United States Attorney David M. Toepfer highlighted the widespread impact of the alleged activities, noting that victims spanned 20 U.S. states and included financial institutions, educational institutions, government agencies, healthcare providers, and media organizations. He underscored the collaborative efforts of international partners to hold perpetrators accountable, regardless of their location.
European Union Sanctions
The European Union recently added Media Land, ML.Cloud, and Aleksandr Volosovik to its sanctions list as part of a coordinated cyber-related measure targeting Russia in partnership with the United Kingdom.
Combating Cybercrime Infrastructure
The case underscores the growing challenge of combating cybercrime infrastructure that operates across borders. Law enforcement agencies continue to emphasize the importance of disrupting services that enable large-scale digital attacks, which pose significant risks to critical systems and economic stability.
Call for Information
The U.S. government has urged individuals with information about the accused or their affiliated entities to come forward through official channels.
“The U.S. Department of State has launched a reward initiative under its Rewards for Justice program, offering up to $10 million for information related to foreign government-linked associates of the accused…”
