US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

The United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian “bulletproof” web-hosting company and several affiliated firms, accusing them of supporting ransomware operations targeting U.S. victims and critical infrastructure.

In a statement on Wednesday, the U.S. Treasury announced coordinated sanctions against the Russia-based hosting provider Media Land and three related companies. The measures also include sanctions against several executives, including the company’s general director, known online as Yalishanda, who allegedly provided technical support and servers to cybercriminal groups.

According to officials, criminal hackers used Media Land’s infrastructure to carry out distributed denial-of-service attacks. Notorious ransomware operations such as LockBit, BlackSuit, and Play are also believed to have relied on the company’s services. Treasury officials said several Media Land employees actively worked with cybercriminals.

“Bulletproof” hosting firms market themselves as resistant to law enforcement shutdowns, takedowns, or legal requests — making them popular among cybercriminals for hosting malicious operations and infrastructure.

U.S. officials said companies like Media Land provide essential backbone services enabling hackers to “attack businesses in the United States and allied countries,” although specific victims were not named.

The U.K.’s Foreign Office also announced sanctions against Hypercore, a U.K.-registered company that officials say served as a front for Aeza Group, another bulletproof hosting provider sanctioned by the U.S. in July. British authorities said Aeza is linked to the Kremlin-backed disinformation outfit, the Social Design Agency.

The sanctions prohibit individuals and businesses in the U.S., U.K., and Australia from conducting transactions or doing business with the designated companies and executives.

On Wednesday, U.S. cybersecurity agencies CISA and the National Security Agency released new guidance to help organisations defend against threats originating from bulletproof hosting providers.