"U.S., U.K., Australia Sanction Russian Hosting Giant Zservers for LockBit Ties"

Coin WorldWednesday, Feb 12, 2025 4:53 am ET
1min read

In a joint effort to combat cybercrime, the United States, United Kingdom, and Australia have imposed sanctions on Russian hosting service provider Zservers for its role in supporting the LockBit ransomware operation. The sanctions, announced on February 11, 2025, target the company, its UK-based front organization XHOST Internet Solutions LP, and several key individuals involved in its operations.

The sanctions package includes asset freezes and travel bans, effectively cutting Zservers off from the global financial system. Any property or funds connected to the company in sanctioned jurisdictions are now blocked, and financial institutions face penalties for engaging with the sanctioned entities.

At the center of the sanctions are Zservers administrators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov. Authorities allege that these individuals provided bulletproof hosting services to cybercriminals and helped LockBit affiliates avoid detection by reassigning infrastructure.

The U.S. Treasury’s Office of Foreign Assets Control reports that Mishin played a direct role in managing cryptocurrency transactions linked to ransomware operations. This included handling payments for Zservers’ services used by multiple ransomware groups beyond LockBit.

Blockchain analytics firm Chainalysis revealed the scale of Zservers’ operation, tracking at least $5.2 million in cryptocurrency transactions connected to the company. The firm found that Zservers processed payments through the sanctioned Russian exchange Garantex and other high-risk platforms with minimal know-your-customer requirements.

The UK government expanded its sanctions to include four additional individuals: Ilya Sidorov, Dmitriy Bolshakov, Igor Odintsov, and Vladimir Ananev. These individuals were connected to Zservers’ operations and the broader cybercrime network.

Canadian law enforcement provided evidence of Zservers’ direct involvement with LockBit operations. In 2022, authorities raided the home of a LockBit affiliate and discovered they had been using Zservers’ services.

The investigation uncovered a pattern of deliberate assistance to cybercriminals. In one case, when a Lebanese organization complained about their IP address being used for ransomware attacks, Mishin claimed to have terminated the service. However, he secretly instructed Bolshakov to simply change the IP address for the attacker.

LockBit, which first appeared in