- The US, UK, and Australia placed sanctions on ZServers and five individuals
- They are all being linked to the infamous LockBit RaaS
- Businesses in these countries are not allowed to transact with ZServers or its employees
Russia-based bulletproof hosting services provider (BPH) ZServers has been sanctioned by the United States, Australia, and the United Kingdom for its alleged involvement with the LockBit ransomware group.
In a press release, the Australian Federal Police (AFP) said ZServers was providing services to threat actors responsible for the Medibank Private breach that happened in October 2022. As a result, millions of Medibank’s customers have had their sensitive data stolen.
Besides putting ZServers on the blacklist, the law enforcement agencies also imposed travel bans and financial sanctions on five Russians – Aleksandr Bolshakov, the alleged owner of ZServers, Aleksandr Mishin and Ilya Sidorov, senior employees, and Dimitriy Bolshakov and Igor Odintsov, regular employees.
Bulletproof hosting
“Bulletproof hosting” is a form of web hosting service that is highly resistant to takedowns, often catering to clients engaged in questionable or illegal activities. These services ignore law enforcement requests, DMCA notices, and abuse complaints, making them attractive to cybercriminals for hosting malware, phishing sites, botnets, and other malicious operations.
“Calling these hosting providers ‘bulletproof’ is a false marketing gimmick. Cybercriminals think they are safeguarded by these service providers, however, one massive swing from authorities can crack open and disrupt the infrastructure,” said AFP Cyber Command Assistant Commissioner Richard Chin.
Bulletproof hosting providers are not immune to sanctions, though we’ll have to wait and see how effective the sanctions are. In practice, they mean that people and businesses in these three countries are not allowed to transact, or do any business, with the sanctioned entities. Whatever assets ZServers has in these three countries will be frozen, as well.
LockBit is a notorious ransomware-as-a-service (RaaS) operation that has been one of the most active and dangerous cybercrime groups in recent years. It primarily targets businesses, government agencies, and critical infrastructure, encrypting data and demanding ransom payments for decryption keys.
Among its more notable victims are Boeing, Royal Mail, Industrial and Commercial Bank of China, Accenture, and the Thales Group.