Ethical Hacking News
Coordinated Global Sanctions Target Russian Bulletproof Hosting Providers Enabling Ransomware Operations
The US, Australia, and UK have jointly imposed sanctions on two Russian-based bulletproof hosting (BPH) providers, Media Land and its sister firms. Media Land has been designated under the Office of Foreign Assets Control for supporting ransomware operations and other forms of cybercrime. The sanctioned entities include Media Land's leaders, subsidiaries, and affiliated companies linked to major ransomware groups like LockBit and BlackSuit. The sanctions aim to mitigate the threat posed by Media Land's infrastructure, which has been used to evade detection and defy law enforcement efforts. Media Land's infrastructure also supported DDoS attacks on US companies and critical infrastructure.
In a concerted effort to disrupt and dismantle notorious ransomware groups, the United States, Australia, and the United Kingdom have jointly imposed coordinated sanctions on two Russian-based bulletproof hosting (BPH) providers. Media Land, a St. Petersburg-based BPH service provider, has been designated under the Office of Foreign Assets Control (OFAC) for its role in supporting ransomware operations and other forms of cybercrime. The sanctioned entities include Media Land, its leaders, sister firms, and subsidiaries, which have been linked to major ransomware groups such as LockBit, BlackSuit, and Play.
The coordinated sanctions announced by the Department of the Treasury's Office of Foreign Assets Control (OFAC), Australia's Department of Foreign Affairs and Trade, and the United Kingdom's Foreign Commonwealth and Development Office are aimed at mitigating the threat posed by Media Land's infrastructure. The BPH service provider has been used by major ransomware groups to evade detection and defy law enforcement efforts to disrupt malicious cyber activities.
Media Land's infrastructure also supported DDoS attacks on U.S. companies and critical infrastructure, further highlighting its role as a facilitator of malicious cyber activities. Sister company ML Cloud often worked alongside Media Land in these operations, with General director Aleksandr Volosovik (also known as "Yalishanda") supplying servers and support to cybercriminals, while employee Kirill Zatolokin managed payments and coordinated with other actors.
OFAC designated Media Land, ML Cloud, Volosovik, and Zatolokin under E.O. 13694 for contributing to cyber activities threatening U.S. national security. Yulia Pankova was also designated for assisting Volosovik financially and legally. Subsidiaries Media Land Technology and Data Center Kirishi were also sanctioned as entities controlled by Media Land.
The coordinated sanctions imposed on Media Land are part of a broader effort to counter the threat posed by BPH providers, which have been increasingly used by notorious ransomware groups to evade detection and carry out malicious operations. The U.S., Australia, and the United Kingdom have issued guidance to mitigate risks linked to bulletproof hosting providers, urging ISPs and network defenders to block malicious ASNs, IP ranges, and IPs, supported by curated threat lists.
The joint advisory on reducing risks from BPH providers, issued by government agencies from the Five Eyes and the Netherlands, emphasizes the importance of implementing robust security measures to protect against the threat posed by these providers. The advisory urges ISPs and network defenders to adopt strong internet routing security practices, inform customers about the risks associated with using BPH providers, offer ready-to-use filters, collaborate with peers, and adopt Secure-by-Design services.
The coordinated sanctions imposed on Media Land are a significant development in the global effort to combat ransomware and other forms of cybercrime. By targeting Media Land's infrastructure and disrupting its operations, the U.S., Australia, and the United Kingdom aim to reduce the effectiveness of BPH providers used by notorious ransomware groups.
The action taken by the U.S., Australia, and the United Kingdom demonstrates their commitment to countering sanctions-evasion by cybercriminals and mitigating the threat posed by BPH providers. The coordinated sanctions imposed on Media Land are a significant step towards reducing the threat posed by these providers and disrupting the operations of notorious ransomware groups.
In conclusion, the coordinated global sanctions targetting Russian bulletproof hosting providers enabling ransomware operations is a significant development in the global effort to combat cybercrime. The U.S., Australia, and the United Kingdom's joint action against Media Land and its affiliated entities will have a profound impact on the threat posed by BPH providers and notorious ransomware groups.
Related Information:
https://www.ethicalhackingnews.com/articles/Coordinated-Global-Sanctions-Target-Russian-Bulletproof-Hosting-Providers-Enabling-Ransomware-Operations-ehn.shtml
https://securityaffairs.com/184871/cyber-crime/coordinated-sanctions-hit-russian-bulletproof-hosting-providers-enabling-top-ransomware-ops.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
https://en.wikipedia.org/wiki/LockBit
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
https://www.huntress.com/threat-library/malware/blacksuit
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
https://www.pcrisk.com/removal-guides/24571-play-ransomware
https://en.wikipedia.org/wiki/Play_(hacker_group)
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
Published: Thu Nov 20 13:58:04 2025 by llama3.2 3B Q4_K_M
