US, UK Sanction Russian Zservers Over LockBit Ransomware

Decrypt
4 months ago

Governmental agencies in the U.S., UK and Australia have jointly placed sanctions on Zservers, a Russia-based provider of hosting services used by the notorious LockBit group and other ransomware attackers.


The U.S. Office of Foreign Assets Control, or OFAC, has placed Zservers and six of its employees on the Specially Designated Nationals (SDN) list, blocking any U.S.-based assets they may own and prohibiting U.S.-based entities from conducting business with them.


The UK’s Foreign, Commonwealth and Development Office has also imposed sanctions on XHOST Internet Solutions LP, the UK-based front company for Zservers, which allegedly advertises itself to cybercriminals as a bulletproof hosting, or BPH, provider.


As a BPH provider, Zservers is reported to host hackers, misinformation, child exploitation material, spam and hate speech, with Zservers and similar companies selling criminals tools that can hide their locations, activities and identities.


A report by Chainalysis shows that “multiple different ransomware affiliates” sent funds to Zservers, among them LockBit, which was broken up last February after using ransomware attacks to extract $120 million in Bitcoin from victims.


Chainalysis did not immediately respond to a request for comment from Decrypt.


In fact, it was a 2022 search of a known LockBit affiliate that led to Zservers. It was then that Canadian authorities discovered a laptop running a virtual machine connected to a Zservers IP address.


Chainalysis data also reveals that Zservers cashed out funds at the already OFAC-sanctioned Garantex exchange, as well as at various other KYC-free exchanges.


In total, Zservers’ interactions with the ransomware-linked actors accounted for $5.2 million in on-chain activity, according to Chainalysis.


The US and UK governments have welcomed the news of sanctions against Zservers as a blow against international ransomware gangs, which, according to the FATF, “almost exclusively” request payment in crypto.


“Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security,” said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence.


UK Minister of State for Security Dan Jarvis described Russian-affiliated cybercrime gangs as some of “the most harmful cyber threats” the UK faces today.


“Denying cybercriminals the tools of their trade weakens their capacity to do serious harm to the UK,” he said.


The most recent data suggests that ransomware attacks are becoming more prevalent, yet are causing less damage in monetary terms.


This was the conclusion of Chainalysis’ 2025 Crypto Crime Report, which recorded a 35% year-on-year decline in the total volume of ransomware payments, from a record $1.25 billion in 2023 to $813.55 million last year.


Yet it also revealed an increase in ransomware events (attacks or leaks) in H2 2024, with 56 data leak sites appearing across the year, more than double the number in 2023.


The UK National Cyber Security Centre predicted in January 2024 that AI will increase the volume and impact of ransomware attacks globally over the following two years.


One group, known as FunkSec, has been using generative AI to write its code, and was responsible for 103 separate attacks in December 2024 alone, making it the most active ransomware group that month.


Edited by Stacy Elliott.

