Sanctions Target Russian Host for Role in Ransomware Attacks

The U.S., U.K., and Australia target a Russia-based bulletproof hosting provider with sanctions for its critical role in facilitating cybercriminal activities, including major ransomware attacks.

February 12, 2025

The United States, Australia, and the United Kingdom imposed sanctions on Zservers, a Russia-based service that provides technical infrastructure for websites hosting illicit or controversial content. Known as a “bulletproof hosting” service provider (BPH), Zservers is accused of facilitating cybercriminal activities, including ransomware attacks.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the U.K. Foreign, Commonwealth, and Development Office targeted Zservers for its role in supporting ransomware attacks by LockBit—a Russia-based ransomware group responsible for one of the most widely deployed ransomware variants. LockBit gained notoriety for the November 2023 attack on the Industrial Commercial Bank of China’s U.S. broker-dealer.

According to OFAC, BPH providers like Zservers sell access to specialized servers and infrastructure designed to evade detection and resist law enforcement disruption, thereby facilitating malicious cyber activities.

The U.K. authorities have identified Zservers as a “key component of the Russian cybercrime supply chain,” noting that the company provides crucial infrastructure for cybercriminals orchestrating attacks against the U.K.

They emphasized that this illicit supply chain shields and supports some of the world’s most ruthless ransomware gangs. These services enable ransomware actors to launch attacks, extort victims, and store stolen data. In 2023 alone, these groups generated $1 billion in revenue from their victims.

“Putin has built a corrupt mafia state driven by greed and ruthlessness. It is no surprise that the most unscrupulous extortionists and cyber-criminals run rampant from within his borders,” said U.K. Foreign Secretary David Lammy.

OFAC has also designated two Russian nationals—Alexander Mishin and Aleksandr Bolshakov—whom it describes as key administrators of Zservers, enabling ransomware attacks and other criminal activities. 

Mishin allegedly marketed the company’s BPH services to cybercriminals, including LockBit, knowing they would be used for illicit purposes. He also facilitated virtual currency transactions for these operations.

Bolshakov, in collaboration with Mishin, reportedly worked to shut down an IP address in 2023 after a Lebanese company reported it was linked to a LockBit ransomware attack. Despite this, Zservers continued the attacks by assigning a new IP address to the attacker. Mishin reportedly directed this change and falsely assured the Lebanese company that the issue had been resolved, according to OFAC.

In addition to Mishin and Bolshakov, U.K. authorities have sanctioned four individuals and one entity—Ilya Sidorov, Dmitriy Bolshakov, Igor Odintsov, Vladimir Ananev, and XHOST Internet Solutions LP.

U.K. Minister of State for Security Dan Jarvis reaffirmed the government’s commitment to tackling ransomware threats.

“With these targeted sanctions and the full weight of our law enforcement, we are countering the threats we face to protect our national security, a foundation of our [U.K. Prime Minister Keir Starmer’s strategic] Plan for Change, and our economy,” he said. 

In January of this year, the U.K. announced new world-first proposals aimed at deterring ransomware attacks and dismantling the business model behind them.
