US, UK, Australia sanction Russia-based Zservers over Lockbit ransomware attacks

The United States, the United Kingdom and Australia took action against Zservers, a Russia-based bulletproof hosting (BPH) service provider, for its role in facilitating Lockbit ransomware attacks.

Zservers is responsible for providing cybercriminals with secure servers and other critical infrastructure designed to evade law enforcement detection. This infrastructure is often used by cybercriminals to plan and execute ransomware attacks, including those orchestrated by affiliates of the notorious Lockbit group.

The US Treasury’s Office of Foreign Assets Control (OFAC) also sanctioned two key Russian nationals, Bolshakov Aleksandr Sergeyevich (aka SERGEEVICH, Aleksandr Bol'shakov, "AAELBAS", "WTLFNT") and Mishin Alexander Igorevich (aka MISHIN, Aleksandr Igorvich, "ALEX560560", "JAMES1789", "KLICHKO, Ivan P", "PIPPIN, James", "SASHA-BRN", "TRIPLEX560") associated with Zservers, labeling them as principal administrators of the service.

The UK’s sanctions specifically target Zservers as a central player in the global cybercrime supply chain. According to UK authorities, Zservers explicitly advertises itself as a BPH provider, offering its services to illicit actors who seek to carry out cyberattacks.

The UK government also took action against six Zservers employees, labeling them as part of the larger cybercrime syndicate responsible for crippling ransomware attacks worldwide. In addition, the UK front company XHOST Internet Solutions LP, believed to be connected to Zservers, was also added to the sanctions list.

Lockbit ransomware affiliates have been known to use Zservers' services as a launching pad for attacks against various targets, including critical sectors such as non-profits.

The full list of entities and individuals targeted by sanctions includes ZSERVERS, XHOST Internet Solutions LP, Aleksandr Bolshakov (employee), Aleksandr Mishin (employee), Ilya Sidorov (employee), Dmitriy Bolshakov (employee), Igor Odintsov (employee), and Vladimir Ananev (employee).

