US, UK and Australia Blacklist Russian ‘Bulletproof’ Hosting Firms Tied to Ransomware Attacks

The United States, Britain and Australia have imposed coordinated sanctions on Russian technology companies and individuals accused of providing key online infrastructure for ransomware and other cyberattacks, Reuters reported.

The measures, announced on Wednesday, center on Media Land, a Russia-based web hosting company that U.S. and British authorities say supports ransomware operations targeting businesses and organizations in Western countries.

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) designated Media Land, three of its sister companies and three members of its leadership, the department said in a statement. The action blocks any property they hold in the United States and generally bars U.S. persons from dealing with them.

“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley in a statement.

British authorities announced parallel steps, describing Media Land as one of the most significant operators of bulletproof hosting services, which offer resilient infrastructure used to stage ransomware attacks other malicious campaigns, Reuters said.

London added Aeza Group LLC to its Russia sanctions regime and issued six designations under its cyber regime. Those include Media Land, another hosting provider ML.Cloud LLC, and four individuals accused of involvement in malicious cyber activity.

Britain also singled out the man it described as Media Land’s ringleader, Alexander Volosovik, known online as “Yalishanda,” according to the news outlet. Authorities said he has been active in the cyber underground since at least 2010 and linked him to notorious cybercrime groups including Evil Corp, LockBit and Black Basta.

According to the U.S. statement, ML.Cloud is a sister company of Media Land whose technical infrastructure is frequently used alongside Media Land’s systems, including in ransomware attacks and distributed denial-of-service (DDoS) operations that flood targets with traffic to knock them offline.

Australia said it was imposing similar measures to align with its partners, citing the need to disrupt ransomware networks that have struck hospitals, schools and businesses, the news agency said.