Sanctions Hit Russia’s Bulletproof Hosting Provider

The U.S. Department of the Treasury, Australia, and the United Kingdom have sanctioned Media Land, a Russia-based “bulletproof” hosting provider, for its role in supplying infrastructure to ransomware groups and other cybercriminals. The U.S. Federal Bureau of Investigation also coordinated this action, targeting the company’s leadership and related entities.

Bulletproof hosting providers furnish specialized servers that enable criminals to conceal their operations and evade law enforcement. These services equip ransomware gangs, hackers, and other cybercriminals with essential infrastructure for launching attacks against businesses and critical infrastructure.

Media Land, operating from St. Petersburg, Russia, provided hosting services to prominent ransomware groups like LockBit, BlackSuit, and Play. Its infrastructure also supported distributed denial-of-service (DDoS) attacks against U.S. companies and critical systems. Media Land’s leadership directly participated in these criminal operations. Aleksandr Volosovik, Media Land’s general director, advertised the company’s services on cybercriminal forums under the alias Yalishanda, providing servers to ransomware actors. Employee Kirill Zatolokin collected payments from customers and coordinated with other cyber actors, while Yulia Pankova assisted Volosovik with legal and financial management.

The Treasury also designated Hypercore Ltd., a UK-registered company the Aeza Group created after it was itself sanctioned in July 2025. Aeza attempted to rebrand and conceal its connections to bypass sanctions. Treasury officials also designated new companies and individuals involved in this evasion effort, including directors Maksim Makarov and Ilya Zakirov. Related entities in Serbia and Uzbekistan were also targeted.

The United States has frozen all property and assets belonging to the designated individuals and companies within its jurisdiction. U.S. persons and businesses must not conduct transactions with these entities. Financial institutions that engage with sanctioned parties risk enforcement actions.

The U.S. Treasury stated these coordinated international actions demonstrate a commitment to preventing ransomware and protecting citizens from cybercrime.

The Cybersecurity and Infrastructure Security Agency released guidance for protecting against bulletproof hosting providers.