The United States, Australia, and the United Kingdom have jointly sanctioned Zservers, a Russia-based bulletproof hosting services provider. This action targets Zservers for its involvement in supporting LockBit ransomware attacks. The sanctions were announced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office.

LockBit is a notorious ransomware group known for its widespread ransomware variant. It was responsible for an attack on the Industrial Commercial Bank of China U.S. broker-dealer in November 2023. Bulletproof hosting service providers like Zservers offer infrastructure designed to evade detection and law enforcement efforts, facilitating these malicious activities.

"Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. "Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security."

This move builds upon previous sanctions against Russian ransomware actors, including Alexander Ermakov and members of Evil Corp, highlighting a continued commitment to combatting cybercrime.

Zservers is headquartered in Barnaul, Russia, where it has advertised its services on cybercriminal forums to avoid law enforcement scrutiny. The company has provided numerous IP addresses to LockBit affiliates for coordinating ransomware attacks.

OFAC has designated Zservers under Executive Order 13694, as amended by E.O. 14144, citing material support for LockBit ransomware as a threat to U.S. national security.

Key personnel at Zservers include Russian nationals Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov. Both are administrators who have facilitated cybercriminal activities through virtual currency transactions and IP address management.

As a result of these sanctions, any property or interests in property within the U.S., or controlled by U.S. persons that belong to those designated today are blocked and must be reported to OFAC.

Financial institutions engaging with sanctioned entities may face penalties or enforcement actions if they violate OFAC regulations.

OFAC emphasizes that sanctions aim not at punishment but at promoting positive behavioral change among designated individuals or entities.