The UK’s National Crime Agency (NCA), working with international law enforcement agencies, has uncovered and sanctioned Alexander Volosovik, also known online as “Yalishanda,” “Downlow,” and “Stas_vl,” for running a long-standing bulletproof hosting operation that has supported major cybercrime and ransomware groups like LockBit, Evil Corp and BlackBasta.
Volosovik operated under the names Media Land LLC and ML.Cloud LLC, both based in Russia. According to the NCA, his infrastructure gave ransomware gangs and malware operators the tools to carry out cyber attacks that caused serious damage to organisations around the world, from financial losses to disrupted operations.
Volosovik’s Hosting Helped 8chan Return After Takedown
According to cybersecurity journalist Brian Krebs’ report from 2019, Volosovik is the world’s largest “bulletproof” hosting operator. His infrastructure has been used to support a range of illegal online activity, from phishing sites to stolen data markets.
One notable case was the return of 8chan, later rebranded as 8kun, which came back online using IP space provided by Volosovik’s company, Media Land LLC. Despite facing widespread deplatforming, 8chan was able to resume operations through this hosting setup, which was designed to resist takedown efforts and obscure the identities of its clients.
Bulletproof hosting providers play a behind-the-scenes role in the cybercrime economy. They offer hosting that ignores abuse complaints, hides user identities, and actively resists takedowns by law enforcement. This makes them a valuable service for cybercriminals who want to operate with less risk of being stopped.
Sanctions from the UK and Five Eyes
The UK’s Foreign, Commonwealth and Development Office (FCDO) announced sanctions against Volosovik and three of his associates. This move was coordinated with similar actions from the US Treasury’s OFAC and Australia’s Department of Foreign Affairs and Trade.
The NCA said the action is part of a broader strategy to target support services that make cybercrime easier and more scalable. While ransomware operators often get the headlines, operations like Volosovik’s are what keep these attacks running behind the scenes.
To support the sanctions, the NCA and its Five Eyes partners (Australia, Canada, New Zealand, the US and the UK) have issued alerts to industry warning about the risks tied to bulletproof hosting services like Media Land and AEZA, another Russia-based bulletproof hosting service.
Ransomware remains one of the most damaging forms of cybercrime. Victims in the UK and globally have included sectors like telecoms, finance and critical infrastructure. Hosting services that give stable infrastructure to ransomware groups make it harder for authorities to stop attacks before they spread.
Paul Foster, Deputy Director of the NCA’s National Cyber Crime Unit, said services like Media Land allow cybercriminals to launch and monetise attacks with confidence. He added that today’s coordinated action is designed to weaken that digital shield.
Dutch Police Seize 250 Servers in Bulletproof Hosting Crackdown
The NCA says it will continue working with international allies to disrupt these operations and stop sanctioned services from abusing infrastructure across the UK. In a separate operation in the Netherlands, authorities seized around 250 physical servers used by an unknown bulletproof hosting provider that had been active since 2022 and linked to more than 80 cybercrime investigations.
According to the Dutch Police’s press release, the service offered anonymous VPS and RDP access without identity verification or logs, which made it a go-to platform for ransomware actors, phishing networks and malware operations.
Investigators now have access to the hardware and thousands of virtual servers taken offline, giving them a rare window into how back-end infrastructure supports large-scale cybercrime.

