The UK’s Nationwide Crime Company (NCA), working with worldwide legislation enforcement businesses, has uncovered and sanctioned Alexander Volosovik, additionally recognized on-line as “Yalishanda,” Downlow”, and “Stas_vl” for operating a long-standing bulletproof internet hosting operation that has supported main cybercrime and ransomware teams like LockBit, Evil Corp and BlackBasta.
Volosovik operated below the names Media Land LLC and ML.Cloud LLC, each primarily based in Russia. In accordance with the NCA, his infrastructure gave ransomware gangs and malware operators the instruments to hold out cyber assaults that precipitated severe injury to organisations all over the world, from monetary losses to disrupted operations.
Volosovik’s Internet hosting Helped 8chan Return After Takedown
In accordance with cybersecurity journalist Brian Krebs’ report from 2019, Volosovik is the world’s largest “bulletproof” internet hosting operator. His infrastructure has been used to help a variety of unlawful on-line exercise, from phishing websites to stolen information markets.
One notable case was the return of 8chan, later rebranded as 8kun, which got here again on-line utilizing IP area offered by Volosovik’s firm, Media Land LLC. Regardless of dealing with widespread deplatforming, 8chan was in a position to resume operations by way of this internet hosting setup, which was designed to withstand takedown efforts and obscure the identities of its purchasers.
Bulletproof internet hosting suppliers play a behind-the-scenes function within the cybercrime financial system. They provide internet hosting that ignores abuse complaints, hides consumer identities, and actively resists takedowns by legislation enforcement. This makes them a useful service for cybercriminals who need to function with much less danger of being stopped.
Sanctions from the UK and 5 Eyes
The UK’s Overseas, Commonwealth and Improvement Workplace (FCDO) introduced sanctions in opposition to Volosovik and three of his associates. This transfer was coordinated with related actions from the US Treasury’s OFAC and Australia’s Division of Overseas Affairs and Commerce.
The NCA mentioned the motion is a part of a broader technique to focus on help companies that make cybercrime simpler and extra scalable. Whereas ransomware operators usually get the headlines, operations like Volosovik’s are what maintain these assaults operating behind the scenes.
To help the sanctions, the NCA and its 5 Eyes companions (Australia, Canada, New Zealand, the US and the UK) have issued alerts to trade warning concerning the dangers tied to bulletproof internet hosting companies like Media Land and AEZA, one other Russia-based bulletproof hosting service.
Ransomware continues to be one of many most damaging types of cybercrime. Victims within the UK and globally have included sectors like telecoms, finance and demanding infrastructure. Internet hosting companies that give secure infrastructure to ransomware teams make it tougher for authorities to cease assaults earlier than they unfold.
Paul Foster, Deputy Director of the NCA’s Nationwide Cyber Crime Unit, mentioned companies like Media Land enable cybercriminals to launch and monetise assaults with confidence. He added that immediately’s coordinated motion is designed to weaken that digital protect.
Dutch Police Seize 250 Servers in Bulletproof Internet hosting Crackdown
Whereas the NCA says it is going to proceed working with worldwide allies to disrupt these operations and cease sanctioned companies from abusing infrastructure throughout the UK, in a separate operation within the Netherlands, authorities seized round 250 bodily servers utilized by an unknown bulletproof internet hosting supplier that had been energetic since 2022 and linked to greater than 80 cybercrime investigations
In accordance with the Dutch Police’s press launch, the service supplied nameless VPS and RDP entry with out identification verification or logs, which made it a go‑to platform for ransomware actors, phishing networks and malware operations.
Investigators now have entry to the {hardware} and hundreds of digital servers taken offline, giving them a uncommon window into how again‑finish infrastructure helps giant‑scale cybercrime.
