Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.

The United States has rolled out new sanctions and arrests targeting Russian cybercriminal networks involved in cyber extortion schemes.

Some shit you should know before you read: Over the last six years, there’s been a notable uptick in cyberattacks against the United States from Russian and Chinese-linked threat actors, many of whom operate under the guise of independent cybercriminals but are often backed by their respective governments to avoid direct diplomatic fallout. One prominent example is Vault Typhoon, a Chinese state-sponsored hacking group that has targeted critical US infrastructure, including communications, energy, and transportation networks, using espionage tactics to maintain long-term access to compromised systems. Similarly, Russian ransomware groups like Evil Corp and Conti have extorted billions from US businesses and institutions, frequently working in alignment with Kremlin interests while maintaining a layer of plausible deniability.

What’s going on now: In an announcement, the United States, United Kingdom, and Australia imposed coordinated sanctions on Zservers, a Russia-based bulletproof hosting (BPH) provider, for allegedly supporting LockBit ransomware attacks. LockBit is one of the most notorious ransomware groups in the world, responsible for extorting over $120 million from thousands of victims, including major financial institutions and government agencies. Authorities claim that Zservers provided cybercriminals with infrastructure designed to evade law enforcement, enabling ransomware groups to conduct extortion schemes against businesses, hospitals, and government institutions.

Two Russian nationals, Aleksandr Sergeyevich Bolshakov and Alexander Igorevich Mishin, were also sanctioned for operating Zservers and knowingly facilitating ransomware activity. Additionally, the US arrested Roman Berezhnoy and Egor Nikolaevich Glebov, accusing them of using ransomware to target over 1,000 victims, including hospitals and schools, extorting at least $16 million from their attacks.

US officials react: In a statement, State Department spokesperson Tammy Bruce said, “Russia continues to offer safe harbor for cybercriminals where groups are free to launch and support ransomware attacks against the United States and its allies and partners.” Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said, “Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure. Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”