Feb. 11 (UPI) -- The United States, Australia and Britain on Tuesday jointly sanctioned a Russia-based bulletproof hosting services provider over its support of LockBit ransomware attacks.
The U.S. Treasury said that Zservers, based in Barnaul, has provided its services, including leasing IP addresses, to affiliates of the notorious Russia-based LockBit ransomware criminal group to commit malicious cybercrimes.
"Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on U.S. and international critical infrastructure," Bradley Smith, the Treasury's acting under-secretary for terrorism and financial intelligence, said in a statement.
"Today's trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security."
A bulletproof hosting services provider leases cybercriminals servers and other computer infrastructure that is designed to evade law enforcement detection and attempts to disrupt their activities.
LockBit is known for its ransomware of the same name, which is the most deployed variant.
According to a Cybersecurity and Infrastructure Security Agency advisory from 2023, cybercriminals have used LockBit to attack critical infrastructure ranging from the education and financial sectors to energy and agriculture.
U.S. officials said LockBit was responsible for the November 2023 attack against the Industrial and Commercial Bank of China's U.S. broker-dealer. Australian officials have also blamed the variant for the 2022 cyberattack against Medibank Private, an Australian private health insurance company, affecting millions of its customers, some of whom had their records published on the dark web as a result.
Headquartered in Barnaul, Russia, Zservers has built a reputation as a safe haven for cybercriminals to evade law enforcement investigators. During this time, its servers have facilitated ransomware attacks in the United States and other countries.
U.S. officials accuse Zservers of subleasing IP addresses and running the programming interface malware used by LockBit and other Russian-related cybercriminals. Zservers likely enabled ransomware attacks to continue by assigning new IP addresses to LockBit users.
The U.S. Treasury said it also sanctioned two Zservers administrators. Britain separately said its sanctions hit Zservers, its British front company Xhost and six employees. And Australia said it blacklisted Zservers and five of its employees.
The sanctions are the first time that Australia has imposed cyber sanctions on an entity and the first time it has sanctioned those providing services enabling cyberattacks.
"We are preventing, deterring and disrupting malicious cyber activity through attributions and targeted sanctions in the national interest," Australia's Foreign Affairs Minister Penny Wong said in a statement.
"We will continue to work with our international partners to impose costs on cyber criminals and protect Australians from cyber threats."