The U.S. took aim at two separate Russian ransomware networks Tuesday, announcing new sanctions and arrests against a Russia-based internet service provider and several Russian nationals.
The State Department said it is sanctioning Zservers — a bulletproof hosting (BPH) services provider that allegedly supported LockBit ransomware attacks — alongside Australia and the United Kingdom.
Bulletproof hosting providers typically ignore or evade law enforcement requests and, as such, are highly sought after for cybercrime.
“As a BPH service provider, Zservers provided cybercriminals access to specialized servers and other computer infrastructure designed to resist law enforcement action,” State Department spokesperson Tammy Bruce said in a statement.
“Russia continues to offer safe harbor for cybercriminals where groups are free to launch and support ransomware attacks against the United States and its allies and partners,” she added.
Two Russian nationals who served as Zservers operators, Aleksandr Sergeyevich Bolshakov and Alexander Igorevich Mishin, were also targeted with sanctions.
The LockBit group, which is considered one of the world’s most dominant ransomware groups, has received more than $120 million in ransom payments. The State Department is currently offering a reward of up to $15 million for information about LockBit.
The Department of Justice (DOJ) separately announced Tuesday that it had arrested two Russian nationals, Roman Berezhnoy and Egor Nikolaevich Glebov, for allegedly operating a cybercrime group using another ransomware called Phobos.
They allegedly targeted more than 1,000 entities, including a children’s hospital, health care providers and educational institutions, and received more than $16 million in ransom payments, according to the DOJ.
