Office of Foreign Assets Control (OFAC) Sanctions Russian Ransomware Enabler Zservers

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) has partnered with Australia and the UK to sanction Zservers for enabling LockBit, a Russian ransomware group. LockBit is said to be the culprit in the attack against the Industrial Commercial Bank of China U.S. broker-dealer.

OFAC is also designating two Russian nationals who are administrators of Zservers and are said to have enabled ransomware attacks and other criminal activity.

Zservers provides bulletproof hosting (BPH), a system designed to evade discovery by enforcement agencies.

Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, said that the action in partnership with Australia and the United Kingdom underscores their collective resolve to “disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”

OFAC points to last year’s cyber sanctions, which targeted Russian Alexander Ermakov and Evil Corp ransomware group members in collaboration with the UK and Australia.

The two sanctioned individuals affiliated with Zservers are:

  • Alexander Igorevich Mishin: a Russian national and administrator of Zservers. Mishin has marketed Zservers’ BPH services to cybercriminals, including LockBit affiliates and other ransomware groups, with the understanding that they would use those services in their cybercriminal activities. He has also directed virtual currency transactions to be made in support of those activities.
  • Aleksandr Sergeyevich Bolshakov: a Russian national and administrator of Zservers. In 2023, Bolshakov and Mishin shut down an IP address in response to a complaint from a Lebanese company alleging that a Zservers-associated IP address had been used to carry out a LockBit ransomware attack. Zservers likely enabled ransomware attacks to continue by assigning a new IP address to the malicious LockBit user. Mishin instructed Bolshakov to change the IP address of the malicious user and then told the Lebanese company that the original IP address was cut off.

The sanctions may do little unless the perpetrators have assets or interests to which the US may gain access. Sanctions can target other entities that provide support to sanctioned individuals or entities.


