{"id":21077,"date":"2025-02-12T11:49:18","date_gmt":"2025-02-12T09:49:18","guid":{"rendered":"https:\/\/forklog.com\/en\/russian-provider-zservers-sanctioned-for-aiding-lockbit\/"},"modified":"2025-02-12T11:49:18","modified_gmt":"2025-02-12T09:49:18","slug":"russian-provider-zservers-sanctioned-for-aiding-lockbit","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/russian-provider-zservers-sanctioned-for-aiding-lockbit\/","title":{"rendered":"Russian Provider Zservers Sanctioned for Aiding LockBit"},"content":{"rendered":"<p>The United States, Australia, and the United Kingdom have imposed sanctions on the Russian secure hosting provider Zservers for offering services to the LockBit ransomware group.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? SANCTIONED: Russian cyber entity ZSERVERS, the launchpad for crippling ransomware attacks, and their UK front, XHOST Internet Solutions LP.<\/p>\n<p>The UK is cracking down on the Russian cybercrime supply chain and the predatory ransomware activity it feeds. <a href=\"https:\/\/t.co\/AzE80qrxMT\">pic.twitter.com\/AzE80qrxMT<\/a><\/p>\n<p>\u2014 Foreign, Commonwealth &#038; Development Office (@FCDOGovUK) <a href=\"https:\/\/twitter.com\/FCDOGovUK\/status\/1889323835771502964?ref_src=twsrc%5Etfw\">February 11, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sb0018\">data<\/a> from the <span data-descr=\"Office of Foreign Assets Control of the US Department of the Treasury\" class=\"old_tooltip\">OFAC<\/span>, the company, with servers in the US, Russia, Bulgaria, the Netherlands, and Finland, sold a range of tools that allowed users to conceal their location, identity, and online activities. This facilitated &#8220;attacks on critical infrastructure in the US and worldwide.&#8221;\u00a0<\/p>\n<p>The sanctions <a href=\"https:\/\/www.gov.uk\/government\/news\/new-uk-sanctions-target-russian-cybercrime-network\">include<\/a> freezing the assets of Zservers, its UK front company XHOST Internet Solutions LP, and six individuals.\u00a0<\/p>\n<p>Among them are two Zservers administrators, Russian citizens Alexander Mishin and Alexander Bolshakov. Authorities allege they were involved in managing LockBit&#8217;s cryptocurrency transactions and supporting the gang&#8217;s attacks.<\/p>\n<p>Chainalysis analysts <a href=\"https:\/\/www.chainalysis.com\/blog\/ofac-sanctions-zservers-ransomware-attacks-lockbit-february-2025\/\">reported<\/a> that wallets associated with Zservers and the Mishins have been added to the <span data-descr=\"Specially Designated Nationals and Blocked Persons List\" class=\"old_tooltip\">SDN<\/span> list. Funds from various illicit entities, including other ransomware affiliates, were directed to the provider&#8217;s addresses.<\/p>\n<p>Zservers cashed out funds through the US-sanctioned Russian exchange Garantex, as well as on trading services and platforms without <span data-descr=\"Know Your Customer\" class=\"old_tooltip\">KYC<\/span>, analysts noted.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXejVmLOJ7kBSOnmybsMrppTHLPHIH2Ok8hD0HQM3lfKqmkFmSCbpQJkQNc83co6PKUZy29QPxX7GjvFTvwvxniTbYfDtQFqCtDFXy_ckNFYO1zGyc-LL9Ul-6QN0EQUsF4Zj96C?key=B3ewyfG7LtqdLF_CJFpbK2Nz\" alt=\"Russian Provider Zservers Sanctioned for Aiding LockBit\"\/><figcaption class=\"wp-element-caption\">Data: Chainalysis.<\/figcaption><\/figure>\n<p>Overall, experts identified on-chain activity by Zservers linked to high-risk and illegal entities amounting to at least $5.2 million.\u00a0<\/p>\n<p>During a joint operation by authorities from dozens of countries to disrupt LockBit&#8217;s activities, part of the ransomware&#8217;s infrastructure was seized, <a href=\"https:\/\/forklog.com\/en\/news\/uk-police-seize-200-lockbit-cryptocurrency-wallets\">200 cryptocurrency wallets<\/a> were arrested, and several gang members were detained. Law enforcement estimates that from June 2022 to February 2024, 7,000 cyberattacks generated up to $1 billion for the hackers.<\/p>\n<p>As reported by Chainalysis, ransomware revenues in 2024 fell from $1.25 billion to $813 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The United States, Australia, and the United Kingdom have imposed sanctions on the Russian secure hosting provider Zservers for offering services to the LockBit ransomware group. ? SANCTIONED: Russian cyber entity ZSERVERS, the launchpad for crippling ransomware attacks, and their UK front, XHOST Internet Solutions LP. The UK is cracking down on the Russian cybercrime [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":21076,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[108,44,27,686,810,26],"class_list":["post-21077","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-australia","tag-cybercrime","tag-russia","tag-sanctions","tag-united-kingdom","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"28","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/21077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=21077"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/21077\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/21076"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=21077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=21077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=21077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}