US, UK and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

The governments of the United States, United Kingdom, and Australia have sanctioned a Russian “bulletproof” web hosting company and several of its affiliates for allegedly using them in ransomware attacks against US victims and critical infrastructure.

In a statement on Wednesday, the US Treasury Department he said imposed coordinated sanctions on Russia-based web host Media Land and three related companies. The sanctions also target several of the company’s executives, including its chief executive — also known as Yalisanda — which allegedly provided servers and troubleshooting to cybercriminals.

Officials say criminal hackers relied on Media Land to launch denial-of-service attacks. Prolific ransomware gangs including LockBit, BlackSuit and Play reportedly used it for their infrastructure. The Treasury Department said several of the company’s employees coordinated with cybercriminals.

“Bulletproof” providers are web hosts and cloud companies that typically advertise their services as impenetrable or resistant to law enforcement actions such as takedowns or legal demands, and are therefore commonly used by cybercriminals to host their malicious infrastructure.

U.S. officials said hosting companies like Media Land help provide essential services to cybercriminals for “attacks on businesses in the United States and in allied countries,” although the Treasury Department did not name the victims of the attacks.

The UK Foreign Office said it also designated a UK-based company called Hypercore, which officials said had been set up as a front company for Aeza Group, another bulletproof hosting company that sanctions were imposed by the US in July. said the UK in her own statement that Aeza is linked to a Kremlin disinformation organization called the Social Planning Agency.

Sanctioning companies and individuals involved in cybercrime effectively makes it illegal for citizens, residents or individuals with business ties to the US, UK and Australia to do business or do business with those sanctioned.

The US cyber security agency CISA and the National Security Agency published guidance Wednesday on how organizations can mitigate risks from bulletproof hosting providers.