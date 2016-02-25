One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of its key allies.

Headquartered in Barnaul, Russia, Zservers provided BPH services to a number of LockBit affiliates, the three nations said today. On numerous occasions, affiliates purchased servers from the company to support ransomware attacks.

The trio said the link between Zservers and LockBit was established as early as 2022, when Canadian law enforcement searched a known LockBit affiliate and found evidence they had purchased infrastructure tooling almost certainly used to host chatrooms with ransomware victims.

"Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure," said Bradley T Smith, acting under secretary of the Treasury for terrorism and financial intelligence.

[...] Bulletproof hosting services more generally are used in other types of cybercrime, such as child exploitation, misinformation, and hate speech, as well as ransomware gangs. The sanctions are being spun as a significant disruptor of a major cog in the cybercrime machine.

BPH providers operate just like normal hosting services but market themselves as ultra-secure alternatives that can't be touched by law enforcement, making them ideal for groups who want to ensure legal warrants won't bring their servers down.

They also claim to offer additional benefits such as the anonymization of locations, identities, and activities. Disrupting them can in turn scupper hundreds or thousands of other criminals in one fell swoop, the FCDO said.

It went on to claim that Zservers marketed itself explicitly to "illicit actors."

The UK led the way with sanctions, placing six individuals and the two entities on its list, while the US only placed two of the individuals – both alleged Zservers admins – on its equivalent.