In a concerted international effort to combat cybercrime, the United States, the United Kingdom, and Australia have imposed sanctions on Zservers, a Russia-based bulletproof hosting provider, and two Russian nationals operating the network. This action, announced on February 11, 2025, is aimed at disrupting the infrastructure supporting the LockBit ransomware syndicate, a criminal enterprise responsible for extensive cyber extortion campaigns worldwide.
Zservers, a provider of bulletproof hosting (BPH) services, facilitated cybercriminals by offering resilient server infrastructure designed to withstand law enforcement takedowns. These services enabled the LockBit group to launch ransomware attacks against global targets, compromising data integrity, disrupting critical services, and demanding multimillion-dollar ransoms from victims.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Zservers and its operators under Executive Order (E.O.) 13694, as amended by E.O. 14144, which authorizes financial sanctions against individuals and entities involved in significant cyber-enabled malicious activities. These sanctions freeze all assets belonging to the designated parties in U.S. jurisdiction and prohibit financial transactions involving U.S. persons.
LockBit, active since 2019, has targeted thousands of victims worldwide, extorting over $120 million through high-profile ransomware attacks. Notable victims include Boeing, the Industrial and Commercial Bank of China, the UK’s Royal Mail, and the National Health Service (NHS), among others. The group has gained notoriety for its sophisticated attack methods, including exploiting vulnerabilities in enterprise systems and deploying ransomware-as-a-service (RaaS) operations.
In addition to these sanctions, the U.S. Department of State has announced substantial reward offers under the Transnational Organized Crime Rewards Program. Up to $15 million is being offered for information leading to the identification or location of key operators, administrators, and affiliates of the LockBit ransomware variant. Additionally, a separate reward of up to $10 million has been issued for information leading to the apprehension of LockBit’s lead administrator, Dmitry Yuryevich Khoroshev.
This latest crackdown highlights the commitment of the United States and its allies to dismantle cybercriminal networks that exploit digital vulnerabilities for illicit financial gain. By targeting the financial and operational infrastructure of ransomware groups, international law enforcement aims to curb the growing threat posed by cyber extortion and safeguard global cybersecurity.
The coordinated sanctions serve as a strong warning to cybercriminals that their operations will face relentless international scrutiny and disruption. As nations continue to enhance cybersecurity cooperation, efforts to neutralize cyber threats and protect businesses, governments, and individuals from ransomware attacks remain a top priority.
For more information, visit the following links: