Joint International Crackdown Sanctions Russia-Based Hosting Service Zservers for Aiding Ransomware Gangs

The United States, Australia, and the United Kingdom have joined forces to impose sanctions on Zservers, a Russia-based hosting service, for its involvement in providing infrastructure to the notorious cryptocurrency ransomware gang LockBit.

According to a joint press release issued by the U.S. Treasury’s Office of Foreign Assets Control, Australia’s Department of Foreign Affairs and Trade, and the UK’s Foreign, Commonwealth & Development Office, the sanctions aim to cut off Zservers from the global financial system.

Sanctions Impose Asset Freezes and Travel Bans

The sanctions include asset freezes, travel bans, and restrictions, effectively blocking any property or funds tied to Zservers in sanctioned jurisdictions. Financial institutions risk penalties if they engage with the sanctioned entities.

Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, emphasized that bad actors rely on bulletproof hosting services like Zservers to orchestrate attacks on “US and international critical infrastructure.”

Individuals Tied to LockBit Operations Blacklisted

The sanctions also target Zservers administrators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, along with four other individuals tied to LockBit’s operations. These individuals are now cut off from global financial systems and face travel bans.

Zservers Serviced Clients Beyond LockBit

Authorities claim that Mishin and Bolshakov, as Zservers administrators, provided bulletproof hosting to cybercriminals and reassigned infrastructure to LockBit affiliates to help them evade detection. Mishin also directed cryptocurrency transactions tied to ransomware operations.

A blockchain analytics report revealed that Zservers was catering to a broad client base in the cybercrime world, with at least $5.2 million in on-chain activity linked to the service. Multiple ransomware affiliates beyond LockBit had sent funds to Zservers, which cashed out through sanctioned Russian exchange Garantex and other high-risk platforms with little to no Know-Your-Customer (KYC) enforcement.

LockBit Ransomware Group’s Notorious Activities

The LockBit ransomware group, first spotted in 2019, has been behind some of the biggest hacks and crypto extortion cases, including attacks on Bangkok Airways, Accenture, and Canadian government services.

In February 2024, a global law enforcement coalition dismantled LockBit’s operational network by seizing its command and control systems. In December of that year, the U.S. Department of Justice charged a Russian national for working as a developer for the ransomware group.

As the cryptocurrency landscape continues to evolve, it’s essential to stay informed about the latest developments and risks. For more news and updates on the world of cryptocurrencies and finance, visit Global Crypto News.