Do Russian cyber firms back ransomware attacks? US, UK and Australia strike hard in coordination

The United States, Britain and Australia unveiled a coordinated wave of sanctions on Wednesday targeting Russia-based web company Media Land, accusing it of supplying critical support to ransomware groups.

The US Treasury’s Office of Foreign Assets Control imposed sanctions on the company, three members of its leadership and three affiliated firms. According to the Treasury, Media Land and similar “bulletproof hosting” providers offer cybercriminals the backbone infrastructure they need to carry out attacks across the United States and allied nations.

“These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries,” said John Hurley, under secretary for terrorism and financial intelligence.

The UK government echoed Washington’s assessment, saying the coordinated measures exposed “illicit Russian networks enabling cyber attacks around the world.” British authorities described Media Land as one of the most prominent operators of bulletproof hosting systems used to facilitate ransomware and phishing campaigns.

London announced actions mirroring those of the US, adding Aeza Group LLC to its Russia sanctions list and issuing six designations under its cyber sanctions regime. The UK measures target Media Land, ML.Cloud LLC and four individuals accused of engaging in malicious cyber operations.

The sanctions package includes asset freezes and director disqualification orders for all designated entities, while travel bans have been imposed on the four individuals. Aeza Group additionally faces restrictions on internet and trust services, barring UK companies from offering technical support or hosting services to it.

Britain also targeted the person it described as Media Land’s ringleader Alexander Volosovik, known online as ”Yalishanda”, who has been active in the cyber underground since at least 2010 and linked to groups such as Evil Corp, LockBit and Black Basta.

ML.Cloud is a Media Land sister company whose technical infrastructure is often used in conjunction with Media Land, including in ransomware and DDOS attacks, the U.S. statement said.

Neither Aeza Group nor ML.Cloud immediately responded to a request for comment. It was not immediately possible to reach Media Land or Volosovik.

Australia said it was imposing similar measures to align with its partners, citing the need to disrupt ransomware networks that have hit hospitals, schools and businesses.

With inputs from agencies