The United States, United Kingdom, and Australia have sanctioned Zservers, a Russia-based bulletproof hosting (BPH) provider, for supplying key infrastructure to the LockBit ransomware gang.

Two Russian nationals, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, were also sanctioned for managing LockBit’s virtual currency transactions and supporting its attacks.

According to the U.S. Office of Foreign Assets Control (OFAC), a 2022 raid by Canadian authorities uncovered a laptop linked to a Zservers IP address that was running a LockBit malware control panel. Evidence also suggests that in 2022 and 2023, Zservers provided infrastructure, including Russian IP addresses, to LockBit affiliates for ransomware operations.

Officials emphasized the impact of these sanctions on cybercriminal networks. Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, called out Zservers and similar BPH providers for enabling ransomware attacks against global critical infrastructure. Australian Federal Police Assistant Commissioner Richard Chin dismissed claims that BPH services are “bulletproof,” stressing that law enforcement can dismantle these networks. The U.K. government echoed this sentiment, stating that disrupting BPH providers can cripple thousands of cybercriminals at once.

Additionally, the U.K. has sanctioned XHOST Internet Solutions LP, a front company for Zservers, along with four employees—Ilya Sidorov, Dmitriy Bolshakov, Igor Odintsov, and Vladimir Ananev—for aiding LockBit operations.

As a result of the sanctions, organizations and citizens in the U.S., U.K., and Australia are banned from doing business with Zservers and the sanctioned individuals. Their assets will be frozen, and financial institutions dealing with them could face penalties.

These actions follow the U.S. State Department’s bounty of up to $10 million for LockBit admin Dmitry Khoroshev and up to $15 million for information leading to the arrest of LockBit owners, operators, and affiliates.