US indicts three Russians accused of powering global cybercrime | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware


A seven-year investigation has culminated in criminal charges against three Russian nationals accused of operating a “bulletproof hosting” network that enabled ransomware, phishing, malware, and other cybercriminal operations responsible for more than $62 million in victim losses.

The indictment, unsealed this week by the U.S. Department of Justice, alleges the defendants provided specialized internet infrastructure to help cybercriminals avoid detection and remain online despite repeated complaints of abuse and law enforcement efforts.

Key takeaways

  • Three Russian nationals have been indicted over an alleged bulletproof hosting operation
  • Prosecutors say the infrastructure supported ransomware, phishing, malware, and data theft campaigns
  • Victims in 21 U.S. states and several other countries allegedly suffered more than $62 million in losses
  • The investigation lasted seven years and involved multiple U.S. and international agencies
  • The U.S. State Department is offering up to $10 million for information leading to the defendants or others linked to the operation

What is bulletproof hosting?

Unlike legitimate hosting providers, bulletproof hosting (BPH) services intentionally cater to cybercriminals.

These providers typically ignore abuse complaints, shield customers’ identities, rapidly move malicious infrastructure between servers, and make it difficult for authorities to shut down criminal operations.

Bulletproof hosting has become a key enabler of modern cybercrime. Instead of creating malware themselves, operators sell resilient infrastructure that allows ransomware affiliates, phishing kits, botnets, credential theft campaigns, and information stealers to remain operational for longer.

Inside the operation

The indictment alleges Alexander Alexandrovich Volosovik (43), Kirill Andreevich Zatolokin (34), and Yulia Vladimirovna Pankova (29), all from St. Petersburg, operated two companies—Media Land LLC and ML.Cloud LLC—that provided hosting services designed to support criminal customers.

Investigators say the companies maintained infrastructure in multiple countries, including the United States, the Netherlands, Finland, and China, allowing criminal customers to continue operating even after abuse complaints, domain takedowns, or server seizures.

The defendants face charges including:

  • Conspiracy to commit computer fraud
  • Wire fraud
  • Conspiracy to commit wire fraud
  • Money laundering conspiracy
  • Aiding and abetting computer fraud

As with all criminal indictments, the allegations remain unsubstantiated unless proven in court.

Cybercrime as a business

Authorities say the hosting network supported numerous forms of cybercrime rather than carrying out individual attacks itself.

According to prosecutors, customers allegedly used the infrastructure to launch:

  • Ransomware attacks
  • Credential theft campaigns
  • Banking malware operations
  • Phishing websites
  • Information-stealing malware
  • Distributed denial-of-service (DDoS) attacks
  • Other forms of online fraud

The Justice Department says victims included organizations connected to U.S. critical infrastructure, businesses, schools, hospitals, and other entities in 21 states, with additional victims in several foreign countries. Total losses exceeded $62 million.

According to the Bitdefender 2026 Global Scam Intelligence Report, many scam operations follow predictable work schedules, reinforcing what investigators increasingly observe: modern cybercrime operates much like a legitimate business, complete with specialized service providers, dedicated infrastructure, and distinct roles within the criminal ecosystem.

While ransomware groups and malware developers often dominate the headlines, bulletproof hosting providers play a critical supporting role in the cybercrime ecosystem.

Without reliable infrastructure, many criminal campaigns would be disrupted much more quickly through reports of abuse, domain takedowns, or server seizures.

By offering resilient hosting, anonymous payment methods, and a willingness to ignore illegal activity, these providers reduce operational risk for cybercriminals and allow attacks to scale across thousands of victims.

A seven-year investigation

The indictment is the result of a seven-year investigation led by the FBI and the U.S. Attorney’s Office for the Northern District of Ohio, working with numerous domestic and international partners.

Alongside the criminal charges, the U.S. Department of State announced a reward of up to $10 million for information leading to the defendants or other individuals acting on behalf of foreign governments who participated in the malicious cyber activities described in the case.

How to stay protected

Although consumers can’t control the infrastructure criminals use, they can reduce their exposure by following a few best practices:

  • Keep operating systems and software fully updated
  • Be cautious with unsolicited emails, messages, and download links
  • Enable multi-factor authentication wherever possible
  • Maintain regular offline or cloud backups to reduce ransomware impact
  • Use a trusted security solution capable of detecting phishing, malware, and ransomware before they execute

You may also want to read:

After years on the run, alleged Ryuk ransomware operator pleads guilty

Scam centers keep office hours — because fraud is a business

INTERPOL crackdown shows scammers shifting to social media

——————————————————–


Click Here For The Original Source.

.........................

National Cyber Security

FREE
VIEW