US charges alleged operators of Russian bulletproof hosting service

Hackers data center

U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide.

BPH providers lease servers that help hinder disruption efforts targeting their malicious activities, including malware delivery, command-and-control operations, phishing attacks, and illicit content hosting. They market themselves as "bulletproof" by ignoring victims' complaints and subsequent law enforcement takedown requests.

The two BPH services, Media Land and ML.Cloud, also provided customers with infrastructure in multiple countries outside Russia, including China, Finland, the Netherlands, as well as the United States.

According to an indictment unsealed on Tuesday, Aleksandr Volosovik (who used the alias "Yalishanda" on cybercriminal forums) owned Media Land, Yulia Pankova owned ML Cloud and assisted with legal and financial matters, and Kirill Zatolokin collected customer payments.

The U.S. Department of State is now also offering a reward of up to $10 million through its Rewards for Justice (RFJ) program for any information "on foreign government-linked associates of these actors, their malicious cyber activities, or foreign government-linked use of these companies."

Have information on these individuals or their associated companies? Your assistance could lead to a reward and relocation. Submit your tip today.https://t.co/bVD7q0dG3O pic.twitter.com/M9HMX9svej

— Rewards for Justice (@RFJ_USA) July 14, 2026

The United States, the United Kingdom, and Australia previously sanctioned the three defendants and two companies in November for providing attack infrastructure and tech support to multiple ransomware and cybercrime operations, including Lockbit, Blacksuit, and Play.

The Department of the Treasury's Office of Foreign Assets Control (OFAC) said at the time that Media Land's infrastructure was used to launch distributed denial-of-service (DDoS) attacks against U.S. companies and critical infrastructure, including telecommunications systems.

"The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans' lives. They include banks, schools, government entities, hospitals, and media companies," said United States Attorney David M. Toepfer.

"Together with our international partners, we will aggressively combat the efforts of individuals who hide behind computers anywhere in the world who seek to profit and wreak havoc by targeting the infrastructures that support our communities."

This week, the Council of the European Union also announced sanctions against Media Land, ML.Cloud, and Alexander Volosovik, as part of the first joint cyber sanctions package issued against Russia in collaboration with the United Kingdom.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper
source: BleepingComputer