US, UK crack down on Russian bulletproof hosting service ZServers for LockBit partnership

Representational image of a cybercriminal

Image Credit: Pixabay (Image credit: Pixabay)

The US, UK, and Australia, placed sanctions on ZServers and five individuals
They are all being linked to the infamous LockBit RaaS
Businesses in these countries are not allowed to transact with ZServers or its employees

Russia-based bulletproof hosting services provider (BPH) ZServers has been sanctioned by the United States, Australia, and the United Kingdom for its alleged involvement with the LockBit ransomware group.

In a press release, the Australian Federal Police (AFP) said ZServers was providing services to threat actors responsible for the Medibank Private breach that happened in October 2022. As a result, millions of Medibank’s customers have had their sensitive data stolen.

Besides putting ZServers on the blacklist, the law enforcement agencies also imposed travel banks and financial sanctions on five Russians - Aleksandr Bolshakov, the alleged owner of ZServers, Aleksandr Mishin and Ilya Sidorov, senior employees, and Dimitriy Bolshakov and Igor Odintsov, regular employees.

Bulletproof hosting

“Bulletproof hosting” is a form of web hosting services highly resistant to takedowns, often catering to clients engaged in questionable or illegal activities. These services ignore law enforcement requests, DMCA notices, and abuse complaints, making them attractive to cybercriminals for hosting malware, phishing sites, botnets, and other malicious operations.

"Calling these hosting providers 'bulletproof' is a false marketing gimmick. Cybercriminals think they are safeguarded by these service providers, however, one massive swing from authorities can crack open and disrupt the infrastructure,” said AFP Cyber Command Assistant Commissioner Richard Chin.

They are not immune to sanctions, though, but we’ll have to wait and see how effective they are. In practice, they mean that people and businesses in these three countries are not allowed to transact, or do any business, with the sanctioned entities. Whatever assets ZServers has in these three countries will be frozen, as well.

LockBit is a notorious ransomware-as-a-service (RaaS) operation that has been one of the most active and dangerous cybercrime groups in recent years. It primarily targets businesses, government agencies, and critical infrastructure, encrypting data and demanding ransom payments for decryption keys.

Among its more notable victims are Boeing, Royal Mail, Industrial and Commercial Bank of China, Accenture, and the Thales Group.

Hackers hide malware into website images to go unnoticed
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.