The US, Australia, and the UK have imposed sanctions on the Russian hosting company Zservers, accused of supporting the LockBit ransomware group.
Details of the Sanctions
On February 11, 2023, the US Treasury’s Office of Foreign Assets Control, Australia's Department of Foreign Affairs and Trade, and the UK's Foreign, Commonwealth & Development Office announced sanctions against Zservers and its front company, XHOST Internet Solutions LP. These sanctions include asset freezes, travel bans, and disconnecting Zservers from the global financial system. This means blocking any properties or funds related to Zservers in sanctioned jurisdictions and imposing penalties on financial institutions engaged with them.
Zservers’ Role in Criminal Activities
Zservers, managed by Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, offered hosting services to shield cybercriminals from law enforcement. Mishin also directed crypto transactions related to ransomware operations. Zservers serviced not only LockBit but other groups as well. Analysis by Chainalysis revealed that Zservers received at least $5.2 million from various affiliates.
Implications and Global Response
Zservers used the Russian exchange Garantex and other platforms with minimal KYC enforcement to cash out funds. The LockBit group, prominent since 2019, has been involved in major hacks against Bangkok Airways, Accenture, and Canadian government services. In February 2024, a global coalition of law enforcement agencies, including the FBI and Europol, dismantled their command and control network.
Sanctions against Zservers underscore the international community's resolve to curb cybercrime and limit support for malicious actors through such platforms.
