Do Russian cyber firms back ransomware attacks? US, UK and Australia strike hard in coordination

The United States, Australia  and  Britain announced coordinated  sanctions on Wednesday against Russia-based web company Media Land, accusing it of supporting  ransomware  operations.

U.S. Treasury’s Office of Foreign Assets Control also designated three members of the Russian company’s leadership  and  three of its sister companies, the Department of Treasury said in a statement.

“These so-called bulletproof hosting service providers like Media Land  provide  cybercriminals essential services to aid them in attacking businesses in the United States  and  in allied countries,” said John Hurley, under secretary of the treasury for terrorism  and  financial intelligence.

Britain said the  sanctions exposed “illicit Russian networks enabling  cyber  attacks around the world”  and  marked the country’s latest crackdown on malicious  Russian  cybercrime.

The Russian embassy in London did not immediately respond to a request for comment.

Britain described Media Land  as one of the most significant operators of so-called bulletproof hosting services, which provide infrastructure for  ransomware  and  phishing attacks.

It announced similar measures to the United States, adding Aeza Group LLC to its Russia  sanctions regime  and  six designations under its  cyber  regime.

Those include Media Land  and  another hosting provider, ML.Cloud LLC, along with four individuals accused of involvement in malicious  cyber  activity.

UK  sanctions include asset freezes  and  director disqualification orders for all targets, with travel bans applied to the four individuals.

Aeza Group also faces restrictions on internet  and  trust services, which prohibit British businesses from providing technical support or hosting services.

Britain also targeted the person it described as Media Land’s ringleader Alexander Volosovik, known online as “Yalishanda”, who has been active in the  cyber  underground since at least 2010  and  linked to groups such as Evil Corp, LockBit  and  Black Basta.

ML.Cloud is a Media Land  sister company whose technical infrastructure is often  used in conjunction with Media Land, including in  ransomware  and  DDOS attacks, the U.S. statement said.

Neither Aeza Group nor ML.Cloud immediately responded to a request for comment. It was not immediately possible to reach Media Land  or Volosovik.

Australia said it was imposing similar measures to align with its partners, citing the need to disrupt  ransomware  networks that have hit hospitals, schools  and  businesses.

(Except the headline, this story has not been edited by Firstpost staff.)