Australia, US and UK sanction Russian cyber firms over ransomware links

The United States, Australia and Britain announced coordinated sanctions against Russia-based web company Media Land, accusing it of supporting ransomware operations.

US Treasury's Office of Foreign Assets Control also designated three members of the Russian company's leadership and three of its sister companies, it said in a statement.

"These so-called bulletproof hosting service providers like Media Land provide cybercriminals essential services to aid them in attacking businesses in the United States and in allied countries," said John Hurley, under secretary of the treasury for terrorism and financial intelligence.

Britain said the sanctions exposed "illicit Russian networks enabling cyber attacks around the world" and marked the country's latest crackdown on malicious Russian cybercrime.

The Russian embassy in London did not immediately respond to a request for comment.

Britain described Media Land as one of the most significant operators of so-called bulletproof hosting services, which provide infrastructure for ransomware and phishing attacks.

It announced similar measures to the United States, adding Aeza Group LLC to its Russia sanctions regime and six designations under its cyber regime.

Those include Media Land and another hosting provider, ML.Cloud LLC, along with four individuals accused of involvement in malicious cyber activity.

UK sanctions include asset freezes and director disqualification orders for all targets, with travel bans applied to the four individuals.

Aeza Group also faces restrictions on internet and trust services, which prohibit British businesses from providing technical support or hosting services.

Britain also targeted the person it described as Media Land's ringleader Alexander Volosovik, known online as "Yalishanda", who has been active in the cyber underground since at least 2010 and linked to groups such as Evil Corp, LockBit and Black Basta.

ML.Cloud is a Media Land sister company whose technical infrastructure is often used in conjunction with Media Land, including in ransomware and DDOS attacks, the US statement said.

Neither Aeza Group nor ML.Cloud immediately responded to a request for comment. It was not immediately possible to reach Media Land or Volosovik.

Australia said it was imposing similar measures to align with its partners, citing the need to disrupt ransomware networks that have hit hospitals, schools and businesses.