{"id":12849,"date":"2025-02-13T10:02:43","date_gmt":"2025-02-13T10:02:43","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=12849"},"modified":"2025-02-13T10:02:43","modified_gmt":"2025-02-13T10:02:43","slug":"bulletproof-no-more-russian-zservers-sanctioned-for-alleged-lockbit-crypto-crimes","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=12849","title":{"rendered":"Bulletproof No More? Russian Zservers Sanctioned For Alleged LockBit Crypto Crimes"},"content":{"rendered":"<div>\n<p>International authorities are ramping up their efforts to stop groups and individuals using the LockBit ransomware to target unsuspecting users. The latest was the crackdown on the Russia-based <a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/us-uk-australia-target-russia-based-zservers-over-lockbit-ransomware-attacks-2025-02-11\/\" target=\"_blank\" rel=\"noopener nofollow\">Zservers<\/a>, a bulletproof hosting service provider that allegedly had links with the LockBit cryptocurrency ransomware group.<\/p>\n<p>In a media statement, the <a href=\"https:\/\/www.afp.gov.au\/news-centre\/media-release\/international-police-operation-takes-down-worlds-most-harmful-2\" target=\"_blank\" rel=\"noopener nofollow\">Australian Federal Police<\/a> (AFP) shared that they have worked with the US and the UK to freeze the assets that belong to Zservers and its affiliate company, XHOST Internet Solutions LP, and ban international travel for six persons.<\/p>\n<p>According to the AFP report, over 200 crypto accounts allegedly owned by the group have been frozen by the authorities, cutting the group\u2019s source of funding and profits.<\/p>\n<h2><strong>Zservers Hit With Sanctions<\/strong><\/h2>\n<p>Zservers, a bulletproof hosting (BPH) service provider based in Russia, is now facing sanctions for its links with the LockBit gang. LockBit is a Russian group known for deploying one of the most <a href=\"https:\/\/www.theglobaltreasurer.com\/2025\/02\/12\/united-states-australia-and-united-kingdom-crack-down-on-key-cybercrime-infrastructure-supporting-ransomware-attacks\/\" target=\"_blank\" rel=\"noopener nofollow\">dangerous ransomware attacks<\/a> in recent years.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\"><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> SANCTIONED: Russian cyber entity ZSERVERS, the launchpad for crippling ransomware attacks, and their UK front, XHOST Internet Solutions LP.<\/p>\n<p>The UK is cracking down on the Russian cybercrime supply chain and the predatory ransomware activity it feeds. <a href=\"https:\/\/t.co\/AzE80qrxMT\" rel=\"nofollow\" target=\"_blank\">pic.twitter.com\/AzE80qrxMT<\/a><\/p>\n<p>\u2014 Foreign, Commonwealth &amp; Development Office (@FCDOGovUK) <a href=\"https:\/\/twitter.com\/FCDOGovUK\/status\/1889323835771502964?ref_src=twsrc%5Etfw\" rel=\"nofollow noopener\" target=\"_blank\">February 11, 2025<\/a><\/p>\n<\/blockquote>\n<p>In November 2023, the group targeted the Industrial Commercial Bank of China. Multiple reports show that China\u2019s biggest lender paid ransom after the hacking. <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/us-uk-australia-sanction-russia\/\" target=\"_blank\" rel=\"noopener nofollow\">The hackers<\/a> were successful, and the bank\u2019s corporate emails stopped working, forcing employees to use Gmail.<\/p>\n<p>A Bulletproof hosting (BPH) service provider, like Zservers, offers access to specialised servers and infrastructure designed to cloak operators, evade detection, and skirt the law.<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"size-full\" src=\"https:\/\/www.tradingview.com\/x\/g7C1AQDx\/\" width=\"1626\" height=\"883\"><\/p>\n<p>According to the US Treasury Department, this type of company often sells tools for bad actors that can hide identities, locations, and online identities. Bradley Smith of the US Treasury explained that companies like Zservers enable criminals to attack the US and other countries\u2019 online infrastructure.<\/p>\n<h2><strong>What Is The LockBit Ransomware And How Does It Work?<\/strong><\/h2>\n<p>LockBit works as a \u201cransomware-as-a-service\u201d product, which means that any individual or group, even without tech skills, can buy and use its ready-made <a href=\"https:\/\/www.trellix.com\/security-awareness\/ransomware\/what-is-ransomware\/\" target=\"_blank\" rel=\"noopener nofollow\">ransomware<\/a> program and target unsuspecting users.<\/p>\n<p>Ransomware is a malicious software that can attack devices and networks and encrypt files and data, making them worthless.<\/p>\n<p>Traditionally, hackers and cybercriminals use ransomware to demand payments from victims in exchange for recovering lost or encrypted data. Often, victims will pay the ransom in <a href=\"https:\/\/www.coingecko.com\/\" target=\"_blank\" rel=\"noopener nofollow\">cryptocurrency<\/a>.<\/p>\n<p><strong>Crypto Addresses Owned By Zservers Administrators Now Sanctioned<\/strong><\/p>\n<p>As part of the authorities\u2019 crackdown, the assets of Zservers\u2019 administrators are currently on hold. According to reports, six individuals were targeted, including two Zserver administrators, Aleksandr Sergeyevich Bolshakov and Alexander Igorevich Mishin, who are involved in LockBit\u2019s crypto transactions.<\/p>\n<p>According to Chainanalysis, a crypto address associated with Minchin and three other wallets owned by the company are now under the control of the US Treasury\u2019s Office of Foreign Assets Control (OFAC), meaning they\u2019re subject to sanctions.<\/p>\n<p>The office also shared that the group have laundered around $7 billion worth of crypto using 44 Tordano Cash addresses.<\/p>\n<p><em>Featured image from Gemini Imagen, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>International authorities are ramping up their efforts to stop groups and individuals using the LockBit ransomware to target unsuspecting users. The latest was the crackdown on the Russia-based Zservers, a bulletproof hosting service provider that allegedly had links with the LockBit cryptocurrency ransomware group. In a media statement, the Australian Federal Police (AFP) shared that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-12849","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/12849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12849"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/12849\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12849"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}