U.S., UK & Australia sanction Russian “Bulletproof” hosting firm linked to LockBit ransomware

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in coordination with the U.K. and Australia, has imposed sanctions on Zservers, a Russian-based bulletproof hosting (BPH) provider, along with two of its operators, for their role in supporting the LockBit ransomware syndicate .

Zservers earned its infamy by providing secure, resistant-to-takedown servers, allowing ransomware attackers to evade law enforcement. LockBit, active since 2019, is among the world’s most rampant ransomware groups, responsible for over 7,000 extortion attacks and approximately $120 million in ransoms, targeting high-profile organizations like Boeing, UK’s NHS, Royal Mail, and China’s ICBC .

OFAC named the operators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, who are accused of coordinating virtual currency transactions for LockBit and managing server operations linked to the syndicate .

Why It Matters

• Disruption of Cybercrime Networks: Targeting BPH providers like Zservers undermines the infrastructure cybercriminals depend on.

• Global Coordination: The tripartite sanctions are part of a wider international push to dismantle LockBit and its affiliates. U.S. officials have emphasized this move as a demonstration of resolve against cybercriminal networks.

What’s Next

• Financial freezes and transaction bans now apply to Zservers and the named operators — effectively cutting them from U.S., U.K., and Australian financial systems .

• Heightened risk for ransomware networks relying on BPH providers, as authorities continue to probe and sanction enabling services.