US, UK, and Australia Sanction Russian Hosting Provider Linked to LockBit Ransomware

The United States, United Kingdom, and Australia have jointly sanctioned Zservers, a Russia-based bulletproof hosting (BPH) provider, for supporting LockBit ransomware operations

  Europe Cyber affairs News   Feb 13, 2025  Add to Reading List
US, UK, and Australia Sanction Russian Hosting Provider Linked to LockBit Ransomware

The United States, United Kingdom, and Australia have jointly sanctioned Zservers, a Russia-based bulletproof hosting (BPH) provider, for supporting LockBit ransomware operations. The sanctions target Zservers and two of its administrators for providing the infrastructure used in cyberattacks.

Crackdown on LockBit’s Network

The move is part of ongoing international efforts to dismantle LockBit, one of the most disruptive ransomware-as-a-service (RaaS) groups. These sanctions follow:

  • Europol and Eurojust’s October 2023 crackdown, which led to four arrests and multiple device seizures.
  • The arrest of a LockBit developer in Israel in August 2023.
  • Australia’s May 2024 sanctions against LockBit’s alleged leader, Dmitry Yuryevich Khoroshev (aka LockBitSupp).

How Zservers Enabled Cybercrime

Investigations revealed that Zservers advertised its hosting services on cybercriminal forums, leasing IP addresses and other infrastructure to LockBit affiliates. Evidence collected by law enforcement linked Zservers’ services to ransomware coordination, including:

  • A 2022 Canadian investigation found a LockBit affiliate using Zservers’ IP addresses.
  • A Russian cybercriminal purchasing Zservers’ services to power LockBit’s ransomware chat servers.
  • 2023 leasing of Russian IP addresses to LockBit operators.

Do Sanctions Work?

While sanctions aim to disrupt cybercriminal networks by blocking financial transactions and seizing infrastructure, experts remain divided on their long-term impact. LockBit and similar groups are highly adaptable, often securing alternative infrastructure to continue operations.

However, security professionals believe sanctions can increase operational costs for cybercriminals, making attacks more difficult. Despite these measures, businesses must stay proactive, strengthening cybersecurity strategies and preparing for evolving ransomware tactics.

As RaaS models and cyber threats evolve, organizations must continuously update their defenses to stay ahead of sophisticated cybercriminal networks.