TLDR
- International coalition sanctions Russian hosting provider Zservers for enabling LockBit ransomware attacks
- Six individuals including administrators Mishin and Bolshakov face asset freezes and travel bans
- Investigation revealed $5.2 million in crypto transactions through high-risk exchanges
- Company provided infrastructure masking services to multiple ransomware groups
- UK front company XHOST Internet Solutions LP also targeted in crackdown
The United States, United Kingdom, and Canada announced joint sanctions against Russian technology company Zservers on February 11, 2025, marking a new phase in the international fight against ransomware infrastructure. The company, based in Barnaul, Russia, provided hosting services that helped cybercriminals hide their activities from law enforcement.
The sanctions target Zservers, its British front company XHOST Internet Solutions LP, and six individuals involved in running the operation. These measures block all their assets in the sanctioning countries and prevent them from accessing the global financial system.
Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, who served as administrators for Zservers, played key roles in the company’s operations. According to U.S. Treasury documents, Mishin handled cryptocurrency payments and advertised services on criminal forums, while Bolshakov managed the technical infrastructure.
Canadian Involvement
Evidence gathered by Canadian police shows how Zservers protected its criminal clients. When authorities raided a LockBit affiliate’s home in 2022, they found direct links to Zservers’ infrastructure. The company’s services allowed ransomware operators to mask their locations and continue attacks even after being detected.
A case involving a Lebanese organization highlights Zservers’ methods. When the organization complained about ransomware attacks coming from a Zservers IP address, Mishin claimed to have stopped the service. However, internal communications show he simply ordered Bolshakov to give the attacker a new IP address.
Blockchain analysis company Chainalysis tracked over $5.2 million in cryptocurrency flowing through Zservers’ accounts. The money moved through Garantex, a sanctioned Russian exchange, and other platforms that didn’t require customer identification.
UK Involvement
The British government expanded the scope of sanctions to include four more individuals: Ilya Sidorov, Dmitriy Bolshakov, Igor Odintsov, and Vladimir Ananev. These people helped manage various aspects of Zservers’ operations.
LockBit, the ransomware group that used Zservers’ services, has attacked many major organizations since 2019. Their targets included Bangkok Airways, Accenture, and Canadian government agencies. In 2023, they launched a major attack against the Industrial Commercial Bank of China.
The relationship between Zservers and LockBit went beyond basic hosting. The company provided special services to help ransomware affiliates avoid detection, including quickly changing their digital identities when law enforcement got close.
USA Involvement
Bradley T. Smith from the U.S. Treasury explained that companies like Zservers form a crucial part of the ransomware ecosystem. They provide the technical infrastructure that allows cybercriminals to launch attacks while staying hidden from authorities.
The action follows several other moves against bulletproof hosting services. In 2023, authorities shut down another provider called Lolek Hosted. The same year, courts sentenced Mihai Ionut Paunescu to three years in prison for running PowerHost[.]ro, a similar service.
Law enforcement agencies have increased their focus on these hosting providers. In October 2024, Spanish police arrested a suspected bulletproof hosting owner during an operation targeting members of the Evil Corp cybercrime group.
The U.S. State Department pointed out that Russia continues to allow cybercriminals to operate freely within its borders. These groups regularly target American organizations and those of U.S. allies.
This latest action builds on previous law enforcement successes against LockBit. In February 2024, a global police operation took control of LockBit’s computer systems, though the group has tried to rebuild its network since then.
Recent data shows that bulletproof hosting services remain a key target for international law enforcement. The U.S. Justice Department has handed out several multi-year prison sentences to people who ran these services, showing its commitment to dismantling the technical infrastructure that supports ransomware operations.