The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in coordination with the U.K. and Australia, has imposed sanctions on Zservers, a Russian-based bulletproof hosting (BPH) provider, along with two of its operators, for their role in supporting the LockBit ransomware syndicate .
Zservers earned its infamy by providing secure, resistant-to-takedown servers, allowing ransomware attackers to evade law enforcement. LockBit, active since 2019, is among the world’s most rampant ransomware groups, responsible for over 7,000 extortion attacks and approximately $120 million in ransoms, targeting high-profile organizations like Boeing, UK’s NHS, Royal Mail, and China’s ICBC .
OFAC named the operators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, who are accused of coordinating virtual currency transactions for LockBit and managing server operations linked to the syndicate .
Why It Matters
-
Disruption of Cybercrime Networks: Targeting BPH providers like Zservers undermines the infrastructure cybercriminals depend on.
-
Global Coordination: The tripartite sanctions are part of a wider international push to dismantle LockBit and its affiliates. U.S. officials have emphasized this move as a demonstration of resolve against cybercriminal networks.
What’s Next
-
Financial freezes and transaction bans now apply to Zservers and the named operators — effectively cutting them from U.S., U.K., and Australian financial systems .
-
Heightened risk for ransomware networks relying on BPH providers, as authorities continue to probe and sanction enabling services.
