The U.S. Department of Justice has unsealed criminal charges against three Russian nationals and two Russia-based hosting companies accused of providing the online infrastructure used in major cyberattacks against organizations across the United States.

Prosecutors say the operation enabled ransomware, malware, phishing, and other cybercrime campaigns that caused tens of millions of dollars in damages.

Those charged include Alexander Alexandrovich Volosovik, Kirill Andreevich Zatolokin, and Yulia Vladimirovna Pankova, along with the companies Medialand LLC and ML.Cloud LLC, both based in St. Petersburg, Russia. The indictment, originally returned in December 2024, alleges the defendants conspired to commit computer fraud, wire fraud, and money laundering by operating so-called “bulletproof hosting” services for cybercriminals.

According to prosecutors, the companies rented servers and internet infrastructure specifically designed to help criminals avoid law enforcement detection while carrying out attacks. Authorities say the services were used to distribute ransomware and malware, host criminal marketplaces, register fraudulent domains, and launch phishing and brute-force attacks against victims.

Investigators allege the hosting infrastructure operated not only from Russia but also from several other countries, including China, Finland, the Netherlands, and the United States. The Justice Department says at least 42 victims across 21 U.S. states were affected, including banks, hospitals, schools, government agencies, and media organizations.

Alongside the criminal charges, the U.S. Department of State announced a reward of up to $10 million, as well as possible relocation assistance, for information leading to the identification of foreign government-linked associates connected to the defendants, their cyber activities, or the use of Medialand and ML.Cloud by foreign governments.

READ
EU and UK Launch First Joint Cyber Sanctions Against Russia Over Hacking Campaigns

The defendants and their companies were previously sanctioned by the U.S. Treasury in November 2025. Those sanctions, which were supported by the United Kingdom and partially by Australia, block U.S.-based assets and prohibit transactions involving the sanctioned individuals and businesses.

The investigation was led by the FBI’s Cleveland Division with support from the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury’s Office of Foreign Assets Control, and international law enforcement agencies in the Netherlands, the United Kingdom, and Australia.


Buy ExpressVPN with PayPal or Credit Card

The case is part of the FBI’s ongoing Operation Riptide, a long-term campaign targeting cybercriminal infrastructure, financial networks, and the services that enable ransomware, online fraud, and other cyber-enabled crimes. According to the FBI, Americans reported more than $20 billion in cybercrime losses last year, marking a 26% increase from the previous year.

Advertisement