International authorities are ramping up their efforts to stop groups and individuals using the LockBit ransomware to target unsuspecting users. The latest was the crackdown on the Russia-based Zservers, a bulletproof hosting service provider that allegedly had links with the LockBit cryptocurrency ransomware group.
In a media statement, the Australian Federal Police (AFP) shared that they have worked with the US and the UK to freeze the assets that belong to Zservers and its affiliate company, XHOST Internet Solutions LP, and ban international travel for six persons.
According to the AFP report, over 200 crypto accounts allegedly owned by the group have been frozen by the authorities, cutting the group’s source of funding and profits.
Zservers Hit With Sanctions
Zservers, a bulletproof hosting (BPH) service provider based in Russia, is now facing sanctions for its links with the LockBit gang. LockBit is a Russian group known for deploying one of the most dangerous ransomware attacks in recent years.
🚨 SANCTIONED: Russian cyber entity ZSERVERS, the launchpad for crippling ransomware attacks, and their UK front, XHOST Internet Solutions LP.
The UK is cracking down on the Russian cybercrime supply chain and the predatory ransomware activity it feeds. pic.twitter.com/AzE80qrxMT
— Foreign, Commonwealth & Development Office (@FCDOGovUK) February 11, 2025
In November 2023, the group targeted the Industrial Commercial Bank of China. Multiple reports show that China’s biggest lender paid ransom after the hacking. The hackers were successful, and the bank’s corporate emails stopped working, forcing employees to use Gmail.
A Bulletproof hosting (BPH) service provider, like Zservers, offers access to specialised servers and infrastructure designed to cloak operators, evade detection, and skirt the law.
According to the US Treasury Department, this type of company often sells tools for bad actors that can hide identities, locations, and online identities. Bradley Smith of the US Treasury explained that companies like Zservers enable criminals to attack the US and other countries’ online infrastructure.
What Is The LockBit Ransomware And How Does It Work?
LockBit works as a “ransomware-as-a-service” product, which means that any individual or group, even without tech skills, can buy and use its ready-made ransomware program and target unsuspecting users.
Ransomware is a malicious software that can attack devices and networks and encrypt files and data, making them worthless.
Traditionally, hackers and cybercriminals use ransomware to demand payments from victims in exchange for recovering lost or encrypted data. Often, victims will pay the ransom in cryptocurrency.
Crypto Addresses Owned By Zservers Administrators Now Sanctioned
As part of the authorities’ crackdown, the assets of Zservers’ administrators are currently on hold. According to reports, six individuals were targeted, including two Zserver administrators, Aleksandr Sergeyevich Bolshakov and Alexander Igorevich Mishin, who are involved in LockBit’s crypto transactions.
According to Chainanalysis, a crypto address associated with Minchin and three other wallets owned by the company are now under the control of the US Treasury’s Office of Foreign Assets Control (OFAC), meaning they’re subject to sanctions.
The office also shared that the group have laundered around $7 billion worth of crypto using 44 Tordano Cash addresses.
Featured image from Gemini Imagen, chart from TradingView
Related Posts
