US, UK, and Australia Sanction Russian Hosting Provider for Role in Lockbit Ransomware Attacks

Key Points

• The U.S., UK, and Australia have sanctioned Russian Zservers for supporting Lockbit ransomware attacks. Two key administrators were also sanctioned.
• Zservers is classified as a bulletproof hosting provider that helps cybercriminals evade detection.
• Lockbit ransomware is a major cyber threat, targeting businesses and government institutions worldwide.
• Sanctions aim to disrupt ransomware operations by cutting off their support networks.

The United States has joined Australia and Britain in imposing sanctions on Russia-based Zservers, a hosting service provider accused of supporting Lockbit ransomware operations. The U.S. Department of the Treasury announced the move on Tuesday, citing national security concerns and Zservers’ role in facilitating cyberattacks on critical infrastructure.

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has designated Zservers as a “bulletproof hosting” (BPH) provider. A type of network service that enables cybercriminals to conduct attacks while evading detection. Two Russian nationals, allegedly key administrators of Zservers, have also been sanctioned. According to the Treasury’s statement, these individuals played a crucial role in operating and managing the service.

Bradley Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, emphasized the importance of disrupting cybercriminal networks. “Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure,” Smith stated. By targeting these support networks, authorities aim to weaken the operational capabilities of ransomware groups.

Lockbit is one of the most notorious ransomware gangs responsible for numerous high-profile attacks on businesses and government agencies worldwide. These attacks encrypt victims’ data and demand ransom payments for decryption keys. Law enforcement agencies have been intensifying their efforts to disrupt such operations, leading to international cyber sanctions.

This latest action follows a joint effort by the U.S., UK, and Australia last year to sanction Evil Corp, another cybercriminal group linked to ransomware attacks. The coordinated approach underscores the growing concern over cyber threats and the need for international collaboration to combat ransomware syndicates.