The United States, the United Kingdom, and Australia have imposed sanctions on Zservers, a Russia-based web hosting provider accused of supporting the LockBit ransomware gang. Authorities claim that Zservers offered services that allowed LockBit hackers to operate anonymously. This enabled them to launch cyberattacks on individuals and key infrastructure worldwide.
The United States, the United Kingdom, and Australia have imposed sanctions on Zservers. Source: XLockBit is one of the most notorious ransomware groups, responsible for billions of dollars in damages. In February 2024, a global law enforcement operation involving ten countries attempted to dismantle the group’s network. Officials say LockBit was behind major cyberattacks, including breaches of Australia’s Medibank and the Industrial Commercial Bank of China (ICBC) in the US.
LockBit operates using ransomware, a type of malicious software designed to encrypt files on a victim’s computer. Once locked, the hackers demand payment—often in cryptocurrency—in exchange for restoring access to the files or preventing their release. Since first appearing in September 2019, LockBit has carried out over 7,000 cyberattacks and have extorted up to $1 billion from victims.
Why Authorities Are Targeting Zservers
Authorities claim that Zservers provided a critical service to cybercriminals through bulletproof hosting, a type of internet hosting that allows clients to hide their online activity. Cybercriminals often use these services for illegal activities because they make it difficult for law enforcement to track criminal activity.
The sanctions mean that Zservers’ financial assets will be frozen, preventing the company from accessing money in banks. In addition, the sanctions extend to six individuals, including two Russian nationals identified as Zservers administrators. These individuals will face travel bans and asset freezes.
Russian Administrators Accused of Facilitating Cybercrimes
Two key figures linked to Zservers have been named in the sanctions: Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov. Both are accused of playing a direct role in handling cryptocurrency transactions for LockBit and supporting the gang’s cyberattacks.
The US Treasury’s Office of Foreign Assets Control (OFAC) has also added several cryptocurrency addresses linked to Zservers to its Specially Designated Nationals (SDN) list. This means that OFAC has blocked these addresses from making legal transactions.
Blockchain analytics firm Chainalysis reported that these wallets, including one linked directly to Mishin, have processed large sums of cryptocurrency.
Chainalysis traced Zservers’ onchain transactions and its suspected links to ransomware groups. Source: ChainalysisZservers’ Deep Ties to Crypto and Criminal Activity
According to Chainalysis, Zservers was not only used by LockBit but also served other ransomware operators. Investigators found that cybercriminals frequently sent payments to Zservers to access its services.
The report also revealed that Zservers cashed out funds through Garantex, a Russian cryptocurrency exchange that does not enforce Know Your Customer (KYC) verification rules. This allows anonymous transactions, making it easier for criminals to launder money. Chainalysis estimated that Zservers had handled at least $5.2 million in cryptocurrency transactions linked to high-risk and illegal activities.
Zservers’ official website lists data centers in multiple countries, including the United States, Russia, Bulgaria, the Netherlands, and Finland. The company advertises various hosting services, including custom configurations and technical support.
Authorities believe that targeting Zservers and similar infrastructure providers is a crucial step in preventing future ransomware attacks. By cutting off cybercriminals from essential services, law enforcement hopes to make it more difficult for groups like LockBit to operate.
The post US, UK, and Australia Sanction Zservers for Hosting LockBit Ransomware appeared first on Coinchapter.
%%featured_image%%
