Authorities Sanctioned Russia-based Bulletproof Hosting Provider for Supporting Ransomware Operations

The U.S. Department of the Treasury, Australia, and the United Kingdom have announced coordinated sanctions against Media Land.

This Russia-based bulletproof hosting company provides infrastructure to ransomware and other cybercriminals.

The U.S. Federal Bureau of Investigation also coordinated the action targeting the company’s leadership team and related entities.

Bulletproof hosting providers offer specialized servers designed to help criminals hide their activities and avoid law enforcement.

These services give ransomware gangs, hackers, and other cybercriminals the infrastructure they need to launch attacks against businesses and critical infrastructure.

Media Land’s Criminal Operations

Media Land, headquartered in St. Petersburg, Russia, supplied hosting services to major ransomware groups, including LockBit, BlackSuit, and Play.

The company’s infrastructure was also used for distributed denial-of-service (DDoS attacks targeting U.S. companies and critical systems. Company leadership played direct roles in the criminal operation.

Aleksandr Volosovik, Media Land’s general director, advertised the company’s services on cybercriminal forums under the alias “Yalishanda” and provided servers to ransomware actors.

Kirill Zatolokin, an employee, collected payments from customers and coordinated with other cyber actors. Yulia Pankova assisted Volosovik with legal matters and financial management.

The Treasury also designated Hypercore Ltd., a UK-registered company created by the Aeza Group after it was sanctioned in July 2025. Aeza attempted to rebrand and hide its connections to avoid sanctions.

Treasury officials designated new companies and individuals involved in the evasion effort, including directors Maksim Makarov and Ilya Zakirov. Related entities in Serbia and Uzbekistan were also targeted.

All property and assets belonging to the designated individuals and companies in the United States are now frozen.

U.S. persons and businesses are prohibited from conducting transactions with these entities. Financial institutions engaging with sanctioned parties risk enforcement actions.

The U.S. Treasury emphasized that these coordinated international actions demonstrate a commitment to preventing ransomware and protecting citizens from cybercrime.

The Cybersecurity and Infrastructure Security Agency released additional guidance on protecting against bulletproof hosting providers.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.