UK Cracked Down on Russian ZSERVERS Network

The UK government has imposed strict sanctions on ZSERVERS, a Russia-based cyber entity identified as a key enabler of global ransomware attacks.

The sanctions target six members of the ZSERVERS network and its UK-based front company, XHOST Internet Solutions LP, marking a significant step in combating international cybercrime.

ZSERVERS, known for offering “Bulletproof Hosting” (BPH) services, has been instrumental in providing infrastructure that shields cybercriminals from detection and law enforcement.

These services have supported ransomware groups like LockBit, enabling them to execute attacks on critical infrastructure, public services, and private entities worldwide. The sanctions aim to disrupt this supply chain, which has facilitated ransomware operations that extorted over $1 billion globally in 2023 alone.

Coordinated Crackdown of Infrastructure

The sanctions are part of a trilateral effort involving the United States and Australia. This coordinated action underscores the growing international resolve to dismantle cybercriminal ecosystems.

ZSERVERS’ activities have included leasing IP addresses and hosting malicious software used in ransomware campaigns. By targeting these operations, authorities hope to disable the activities of hundreds or thousands of cybercriminals simultaneously.

Foreign Secretary David Lammy emphasized the UK’s commitment to countering cyber threats: “Putin has built a corrupt mafia state driven by greed and ruthlessness. It is no surprise that unscrupulous extortionists run rampant from within his borders. We will continue working with partners to constrain the Kremlin’s lawless cyber underworld and safeguard UK national security”.

Ransomware attacks threaten national security, disrupting essential services such as healthcare and education while compromising sensitive data. In recent years, ransomware groups have targeted hospitals, schools, local authorities, and businesses in the UK. These attacks not only cause financial losses but also jeopardize public trust in critical systems.

Minister of State for Security Dan Jarvis highlighted the gravity of the situation: “Ransomware attacks by Russian-affiliated cybercrime gangs are among the most harmful threats we face today. Denying them the tools of their trade weakens their capacity to harm the UK”.

ZSERVERS’ Role in Cybercrime

ZSERVERS explicitly markets itself as a BPH provider catering to illicit actors. These services include tools that obscure users’ locations and identities, making it difficult for law enforcement to trace criminal activities.

The hosting provider has been linked to LockBit affiliates, who used its infrastructure to coordinate ransomware attacks against various sectors, including non-profits.

The UK government also sanctioned XHOST Internet Solutions LP, ZSERVERS’ UK-based front company, along with six employees: Aleksandr Bolshakov, Aleksandr Mishin, Ilya Sidorov, Dmitriy Bolshakov, Igor Odintsov, and Vladimir Ananev. These individuals played key roles in supporting ransomware operations.

Today’s sanctions build on previous actions against other notorious ransomware groups like Evil Corp and LockBit. The measures align with the UK’s broader “Plan for Change,” which prioritizes cybersecurity as a cornerstone of national security and economic resilience.

By targeting every link in the ransomware supply chain, the government aims to deter future attacks and protect both the public and private sectors.

This crackdown represents a significant milestone in international efforts to combat cybercrime. By exposing ZSERVERS’ operations and imposing severe penalties on its members, the UK sends a clear message: those who enable ransomware attacks will face decisive action.

Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.