Rawf8 - stock.adobe.com
UK targets ‘bulletproof’ services that hosted ransomware gangs
The UK's NCA and partners have cracked down on 'bulletproof' services that hosted cyber criminal infrastructure.
The UK’s National Crime Agency and partners from the Anglophone Five Eyes intelligence alliance have fired several shots across the bows of so-called ‘bulletproof’ hosting services Media Land and ML Cloud that shielded their customers, including ransomware gangs such as Black Basta, Evil Corp and LockBit, from detection.
The two organisations are alleged to be part of a Russia-based operation run by an individual named as Alexander Volosovik (aka Yalishanda), who is described as a “critical enabler” of global cyber crime.
They are accused of supporting large-scale ransomware campaigns and other malware operations, leading to financial losses, operational disruption and reputational damage for ordinary businesses all over the world.
The NCA said the actions complemented its strategy of targeting the ransomware ecosystem’s key enablers who facilitate criminal activity and lower the barrier to entry for cyber criminals.
“Bulletproof hosting is a key component of the cyber crime ecosystem, providing a digital safe haven for cyber criminals that can appear resistant to law enforcement takedown activity,” said NCA deputy director Paul Foster, head of the National Cyber Crime Unit.
“Services like Media Land … are critical enablers for cyber criminals so sanctions like today's against Media Land will inhibit their ability to plan, launch and monetise criminal schemes.
“This action will assist in law enforcement's pursuit of nullifying the 'bulletproof' shield provided by illicit hosting services, helping to degrade the cybercrime ecosystem that nefarious actors depend on.”
Volosovik and two associates have been sanctioned by the Foreign, Commonwealth and Development Office (FCDO) in the UK, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), and Australia’s Department for Foreign Affairs and Trade (DFAT).
The other two individuals were named by the US as Kirill Zatolokin, who was allegedly responsible for collecting payments and liaising with other cyber criminals, and Yulia Pankova, who allegedly provided legal and financial support to the operation.
“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said John Hurley, under secretary of the Treasury for Terrorism and Financial Intelligence.
“Today’s trilateral action with Australia and the UK, in coordination with law enforcement partners, demonstrates our collective commitment to combatting cyber crime and protecting our citizens.”
Maintaining pressure
At the same time, the US authorities are continuing their pursuit of another bulletproof service Aeza, which was sanctioned at the beginning of July.
Since then, said OFAC, the service’s leadership has embarked on a major rebrand focused on removing connections between Aeza and its technical infrastructure. However, with watchful eyes on them, this appears to have been in vain.
The US has now imposed sanctions on two individuals, Maksim Vladimirovich Makarov, the newly-designated director of Aeza, and Ilya Vladislavovich Zakirov, who is accused of helping set up new front companies and payment methods to obfuscate Aeza’s work.
It has also designated three companies over links to Aeza. Two of them, Smart Digital Ideas DOO and Datavice MCHJ are based in Serbia and Uzbekistan and have allegedly been used to evade sanctions on Russia and run technical infrastructure that is not linked to the Aeza name.
The third, however, is a UK-based company named by as Hypercore Ltd, which the US said was formed earlier in 2025 with the intent of being used to move Aeza’s IP infrastructure and evade sanctions.
Read more about the NCA's work
- The NCA has arrested a man in West Sussex over the cyber attack on Collins Aerospace that disrupted Heathrow and other EU airports. He has been released on conditional bail.
- Police have made four arrests in connection with a trio of cyber attacks on UK retailers Marks & Spencer, Co-op and Harrods.
- Will Lyne, head of cyber intelligence at the National Crime Agency, sketches out cyber criminal trends as ransomware and other attack varieties become democratised beyond Russophone, skilled software developers.
Read more on Hackers and cybercrime prevention
-
![]()
Effective cyber sanctions require a joined-up approach, says Rusi
By: Alex Scroxton
-
![]()
Infosecurity 2025: NCA cyber intelligence head spells out trends
By: Brian McKenna
-
![]()
A landscape forever altered? The LockBit takedown one year on
By: Alex Scroxton
-
![]()
UK government sanctions target Russian cyber crime network Zservers
By: Brian McKenna
