The United States, United Kingdom, and Australia have taken coordinated action against a Russian network accused of powering ransomware attacks around the world. Authorities sanctioned Media Land, a Russian bulletproof web hosting provider, after investigators linked its servers to cyberattacks targeting U.S. companies and critical infrastructure. Officials said the company built a system designed to shield criminal activity from law enforcement, making it a reliable base for ransomware operators.
Media Land and three related firms were named in the sanctions, along with several executives. The group’s general director, known online as Yalishanda, allegedly helped cybercriminals run their operations by offering servers, technical support, and troubleshooting when attacks were underway. Officials said several employees worked directly with criminal hackers and even helped them maintain their infrastructure.
Investigators said ransomware groups relied heavily on Media Land’s bulletproof web hosting environment. The list included LockBit, BlackSuit, and Play, which are among the most active ransomware gangs in the world. These groups used the company’s network to carry out attacks, hide their tracks, and launch large denial-of-service operations against victims.
Bulletproof providers promote their systems as resistant to law enforcement. This makes them a natural choice for criminals looking to avoid takedowns or legal demands. U.S. officials said that companies like Media Land make it easier for ransomware groups to attack businesses across the United States and allied countries. Authorities did not identify the specific victims but stressed that the infrastructure enabled a long list of destructive operations.
The United Kingdom issued its own statement announcing sanctions on Hypercore, a company based in Britain. Officials said Hypercore operated as a front for Aeza Group, another bulletproof hosting provider that the United States sanctioned earlier this year. The British government added that Aeza has ties to the Kremlin through a disinformation organization known as the Social Design Agency.
These sanctions make it illegal for people or companies in the United States, United Kingdom, or Australia to do business with the entities involved. The restrictions cut access to financial services, limit commercial activity, and isolate the companies from global markets.
To help organizations strengthen their defenses, the U.S. cybersecurity agency CISA and the National Security Agency released guidance on reducing risks linked to bulletproof web hosting services. The agencies encouraged businesses to harden systems, review their supply chains, and take extra precautions when handling external infrastructure.
