US, UK and Australia sanction ‘bulletproof’ Russian web server used in ransomware attacks

The governments of the United States, the United Kingdom and Australia have sanctioned a “bulletproof” Russian web hosting company and several of its related companies for allegedly being used to launch ransomware attacks against US victims and critical infrastructure.

In a statement on Wednesday, the US Treasury. saying imposed coordinated sanctions on Russia-based web hosting provider Media Land and three related companies. The sanctions also target several company executives, including its CEO, also known as Yalishanda – who allegedly provided servers and troubleshooting to cybercriminals.

Authorities say criminal hackers relied on Media Land to launch distributed denial-of-service attacks. Prolific ransomware gangs, including BlockBit, black suitand Play He supposedly used it for his infrastructure. Treasury said several of the company’s employees coordinated with the cybercriminals.

“Bulletproof” providers are web servers and cloud companies that typically market their services as impervious or resistant to law enforcement actions such as takedowns or lawsuits, and as such are commonly used by cybercriminals to host their malicious infrastructure.

U.S. officials said hosting companies like Media Land help provide cybercriminals with essential services to “attack businesses in the United States and allied countries,” although the Treasury did not name the victims of the attacks.

The UK Foreign Office said it was also designating a UK-based company called Hypercore, which officials said was set up as a front company for Aeza Group, another bulletproof hosting company that was sanctioned by the United States in July. The United Kingdom said in his own statement that Aeza is linked to a Kremlin disinformation organization called Social Design Agency.

Sanctioning companies and individuals involved in cybercrime effectively makes it illegal for citizens, residents or those with business ties to the US, UK and Australia to transact or conduct business with those sanctioned.

The US cybersecurity agency CISA and the National Security Agency published guide Wednesday on how organizations can mitigate the risks of bulletproof hosting providers.