International authorities are stepping up their efforts to stop groups and individuals who use the LockBit ransomware to target unsuspecting users. The latest was the action against Zservers, a Russia-based bulletproof hosting provider that allegedly had connections to the LockBit ransomware group.
In a media statement, the Australian Federal Police (AFP) announced that they worked with the USA and Great Britain to freeze and ban the assets of Zservers and its subsidiary, Xhost Internet Solutions LP.
According to the AFP report, over 200 crypto accounts that allegedly belong to the group were frozen by the authorities, which has reduced the group’s source of financing.
Zservers hit with sanctions
Zservers, a bulletproof hosting (BPH) service provider based in Russia, now faces sanctions for its connections to the LockBit gang. LockBit is a Russian group that has become known for providing one of the most dangerous ransomware programs in recent years.
🚨 Sanctioned: Russian cyber company Zservers, the launch pad for paralyzing ransomware attacks, and its British front Xhost Internet Solutions LP.
The United Kingdom makes the Russian cybercrime supply chain and the predatory ransomware activity that feeds it. pic.twitter.com/Aze80qrxmt
– Foreign, Commonwealth & Development Office (@fcdogovuk) February 11, 2025
In November 2023, the group targeted the Industrial and Commercial Bank of China. Several reports indicate that China's largest lender paid the ransom. The attack was successful: the bank's corporate email stopped working, which forced employees to use Mail Mail.
A bulletproof hosting (BPH) service provider such as Zservers offers access to specialized servers and infrastructure that are designed to help operators evade detection and law enforcement.
According to the US Treasury Department, this type of company often sells tools that allow bad actors to hide their identities, locations and online identities. Bradley Smith of the US Treasury Department said that companies such as Zservers enable criminals to attack the online infrastructure of the USA and other countries.
What is the LockBit ransomware and how does it work?
LockBit operates as a "ransomware-as-a-service" product, which means that any person or group can buy and use its prefabricated ransomware program, even without technical skills, to target unsuspecting users.
Ransomware is malicious software that can attack devices and networks and encrypt files and data, rendering them worthless.
Traditionally, hackers and cybercriminals use ransomware to demand payments from victims in exchange for restoring lost or encrypted data. The victims often pay the ransom in cryptocurrency.
Crypto addresses of Zservers administrators now sanctioned
As part of the authorities' action, the assets of the administrators of Zservers are now also being targeted. Six people are reportedly targeted, including two Zservers administrators, Aleksandr Sergeyevich Bolshakov and Alexander Igorevich Mishin, who are involved in LockBit's crypto transactions.
According to Chainalysis, a crypto address connected to the company and to Mishin, along with three other wallets, is now under the control of the US Treasury's Office of Foreign Assets Control (OFAC), which means that they are subject to sanctions.
The office also announced that the group laundered crypto worth around 7 billion US dollars through 44 Tornado Cash addresses.