The United States, Australia, and the United Kingdom sanctioned Russian cybercrime infrastructure on Tuesday, targeting companies that provide bulletproof hosting services to ransomware operators.
The coordinated action focuses on Media Land LLC and its affiliates, which have supported major ransomware groups including LockBit, BlackSuit, and Play. The sanctions mark an escalation in Western efforts to disrupt the ecosystem that enables ransomware attacks, which have crippled businesses and critical infrastructure worldwide.
Media Land, based in St. Petersburg, sells specialized servers designed to evade law enforcement detection. The company’s infrastructure has been used in distributed denial-of-service attacks against U.S. companies and critical infrastructure.
“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said Under Secretary of the Treasury John K. Hurley.
The Treasury official emphasized that the trilateral action demonstrates “our collective commitment to combating cybercrime and protecting our citizens.”
The sanctions target Media Land’s general director, Aleksandr Volosovik, who advertised the company’s services on cybercriminal forums under the alias “Yalishanda.” Also designated were employee Kirill Zatolokin, who collected payments from customers, and Yulia Pankova, who handled Volosovik’s finances.
Three Media Land affiliates face sanctions: ML Cloud, whose infrastructure supported ransomware attacks; Media Land Technology; and Data Center Kirishi. All are subsidiaries of the parent company.
The action also targets efforts to evade sanctions previously imposed on Aeza Group LLC, another bulletproof hosting provider designated earlier this year. After those sanctions, Aeza’s leadership launched a rebranding strategy to disconnect from its infrastructure.
Hypercore Ltd., a UK company registered by Aeza to move its infrastructure and evade sanctions, now faces designation. The Treasury also sanctioned Aeza’s new director, Maksim Vladimirovich Makarov, and Ilya Vladislavovich Zakirov, who helped establish new companies to obscure Aeza’s activities.
Two additional companies used by Aeza received sanctions: Smart Digital Ideas DOO in Serbia and Datavice MCHJ in Uzbekistan. Both helped the group evade sanctions and establish infrastructure not publicly linked to the Aeza brand.
The sanctions freeze all U.S. property belonging to the designated individuals and entities. Financial institutions that engage with sanctioned parties risk penalties.
The Cybersecurity and Infrastructure Security Agency released guidance on mitigating risks from bulletproof hosting providers. The agency urged organizations to implement defensive measures against these specialized cybercrime services.