Three countries have sanctioned the Russia-based hosting service Zservers for offering services to the notorious cryptocurrency ransomware gang LockBit.
The sanctions include asset freezes, travel bans, and restrictions that cut Zservers off from the global financial system. This means any property or funds tied to them in sanctioned jurisdictions are blocked, and financial institutions risk penalties if they engage with them.
For the unaware, bulletproof hosting service providers offer infrastructure designed to shield cybercriminals from law enforcement by masking identities, locations, and online activities. According to Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, bad actors rely on these services to orchestrate attacks on “US and international critical infrastructure.”
The move also blacklists Zservers administrators Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, along with four other individuals tied to LockBit’s operations, cutting them off from global financial systems and imposing travel bans.
Zservers serviced clients beyond LockBit
Zservers was catering to a broad client base in the cybercrime world, the report added. Chainalysis traced at least $5.2 million in on-chain activity linked to Zservers, revealing that multiple ransomware affiliates beyond LockBit had sent funds to the service.
Chainalysis also noted that Zservers cashed out through sanctioned Russian exchange Garantex and other high-risk platforms with little to no KYC enforcement.