US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

The United States, United Kingdom, and Australia have united to impose sanctions on a Russian web hosting service, often referred to as 'bulletproof', due to its alleged involvement in facilitating ransomware attacks against U.S. entities and critical infrastructure. In a statement released on Wednesday, the U.S. Treasury Department announced coordinated sanctions against Media Land, a Russia-based web host, along with three associated firms. This move also extends to several executives of the company, including its general director, known as Yalishanda, who is accused of providing servers and technical support to cybercriminals. Officials have indicated that hackers have utilized Media Land to execute distributed denial-of-service attacks, with notorious ransomware groups such as LockBit, BlackSuit, and Play reportedly relying on the infrastructure it provides. The Treasury emphasized that certain employees within Media Land collaborated directly with cybercriminals, facilitating their malicious activities. 'Bulletproof' hosting services are designed to resist law enforcement actions, making them attractive to cybercriminals for hosting their illegal operations. U.S. officials noted that companies like Media Land are crucial in supplying cybercriminals with the necessary tools to target businesses within the U.S. and allied nations, though specific victims were not disclosed. Additionally, the U.K. Foreign Office announced sanctions against Hypercore, a U.K.-based entity believed to be a front for the Aeza Group, another bulletproof hosting service that faced U.S. sanctions earlier this year. The U.K. further linked Aeza to a Kremlin-affiliated disinformation agency known as the Social Design Agency. These sanctions effectively prohibit individuals and businesses tied to the U.S., U.K., and Australia from engaging in any transactions with the sanctioned entities. In response to the escalating threat from such hosting providers, the U.S. cybersecurity agency CISA, along with the National Security Agency, released guidance on strategies organizations can adopt to mitigate risks associated with bulletproof hosting.