Sanctioning Key Infrastructure Enabling Russia-Based Ransomware Attacks

In coordination with Australia and the United Kingdom, the United States is today sanctioning Zservers, a Russia-based bulletproof hosting (BPH) services provider, and two Russian nationals serving as Zservers operators, for their roles in supporting LockBit ransomware attacks.  As a BPH service provider, Zservers provided cybercriminals access to specialized servers and other computer infrastructure designed to resist law enforcement action.

Russia continues to offer safe harbor for cybercriminals where groups are free to launch and support ransomware attacks against the United States and its allies and partners.  Today’s actions underscore the United States’ commitment, along with our international partners, to combating cybercrime and degrading the networks that enable cyber criminals to target our citizens.  We will continue to stand with our partners to disrupt ransomware actors that threaten our economies and critical infrastructure.

The Department of the Treasury actions today were taken pursuant to Executive Order (E.O.) 13694, as further amended by E.O. 14144.  For more information on today’s action, see Treasury’s press release.

The Department of the Treasury actions today follow two Department of State reward offers totaling up to $15 million for owners, operators, administrators, and affiliates of the LockBit ransomware variant, as well as a separate reward offer totaling up to $10 million for LockBit ransomware administrator Dmitry Khoroshev.  The reward offers were approved under the Department’s Transnational Organized Crime Rewards Program.