The US Department of the Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office are jointly designating Zservers, a Russia-based bulletproof hosting (BPH) services provider, for its role in supporting LockBit ransomware attacks.
LockBit, a Russia-based ransomware group best known for its ransomware variant of the same name, is one of the most deployed ransomware variants and was responsible for the November 2023 attack against the Industrial Commercial Bank of China US broker-dealer as well as securities finance platform EquiLend in January 2024.
BPH service providers sell access to specialized servers and other computer infrastructure designed to evade detection and defy law enforcement attempts to disrupt these malicious activities. OFAC is also designating two Russian nationals who are key administrators of Zservers and have enabled ransomware attacks and other criminal activity.
“Ransomware actors and other cybercriminals rely on third-party network service providers like Zservers to enable their attacks on US and international critical infrastructure,” said acting under secretary of the Treasury for Terrorism and Financial Intelligence, Bradley Smith, in a statement. “Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security.”