"The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans' lives. They include banks, schools, government entities, hospitals, and media companies," said United States Attorney David M. Toepfer.
The accused: Aleksandr Volosovik, Yulia Pankova, and Kirill Zatolokin
U.S. federal prosecutors unsealed charges on Tuesday against three Russian nationals accused of operating bulletproof hosting (BPH) services that supported a range of cybercriminal activity. The indictment names Aleksandr Volosovik — who used the alias "Yalishanda" on cybercriminal forums — as the owner of Media Land. It identifies Yulia Pankova as the owner of ML.Cloud who "assisted with legal and financial matters," and Kirill Zatolokin as the person who collected customer payments.
How Media Land and ML.Cloud operated
Prosecutors describe Media Land and ML.Cloud as "bulletproof" hosting providers: firms that lease servers and deliberately hinder disruption efforts targeting criminal customers. According to the unsealed indictment, those services provided infrastructure for malware delivery, command-and-control operations, phishing attacks, and the hosting of illicit content. The companies marketed themselves as "bulletproof" by ignoring victims' complaints and law enforcement takedown requests.
The two services also supplied customer infrastructure outside Russia — specifically in China, Finland, the Netherlands, as well as the United States — creating a geographically dispersed hosting footprint that prosecutors say enabled continued malicious activity.
Victims, methods, and scale: $62 million and wide-ranging targets
Prosecutors allege the BPH-supported ransomware operations caused more than $62 million in damages to victims worldwide. The Department of Justice and the United States Attorney singled out a range of victim types echoed in Toepfer’s statement: banks, schools, government entities, hospitals, and media companies. The indictment and related statements also note that Media Land's infrastructure was used to launch distributed denial-of-service (DDoS) attacks against U.S. companies and critical infrastructure, including telecommunications systems.
Prosecutors have tied the services to support for multiple ransomware and cybercrime operations named in prior public actions: Lockbit, Blacksuit, and Play.
Sanctions and a $10 million Rewards for Justice offer
The actions against the defendants come after prior sanctions: in November, the United States, the United Kingdom, and Australia sanctioned the three defendants and the two companies for providing attack infrastructure and technical support to multiple ransomware and cybercrime operations. This week, the Council of the European Union also announced sanctions against Media Land, ML.Cloud, and Alexander Volosovik as part of what the council called the first joint cyber sanctions package issued against Russia in collaboration with the United Kingdom.
In addition to criminal charges and sanctions, the U.S. Department of State is offering a reward of up to $10 million through its Rewards for Justice (RFJ) program. The RFJ solicitation asks for information "on foreign government-linked associates of these actors, their malicious cyber activities, or foreign government-linked use of these companies." A linked RFJ tweet noted: "Your assistance could lead to a reward and relocation."
What this means for banks, hospitals, and government entities
- Banks: Prosecutors explicitly include banks among the victims; the indictment and sanctions indicate law enforcement sees financial institutions as high-value targets that relied, in some incidents, on infrastructure provided by Media Land and ML.Cloud.
- Hospitals and schools: The U.S. attorney’s description of victims names hospitals and schools — entities whose disruption can have immediate public-safety implications — underscoring the prosecutors' contention that BPH-supported activity reached essential services.
- Government entities and media companies: The presence of government entities and media companies on the victim list aligns with the DOJ’s broader framing of the defendants' activities as attacks "that support our communities," a phrase used by United States Attorney David M. Toepfer when announcing the charges.
The combined approach — criminal indictment, economic sanctions from multiple Western partners, and a high-value Rewards for Justice offer — bundles legal, financial, and intelligence incentives aimed at disrupting alleged operators of BPH services and uncovering any foreign government-linked relationships. The indictment unsealed on Tuesday and the recent multilateral sanctions make clear that prosecutors and allied governments view these hosting providers as a critical enabler of ransomware and DDoS operations that have caused substantial damage across a broad set of victims.
As prosecutors pursue the case and international partners maintain pressure through sanctions and rewards, the unanswered, operational question prosecutors have framed for the public is explicit in the RFJ call: what foreign government-linked associates — if any — facilitated or used these companies?
Source: BleepingComputer — US charges alleged operators of Russian bulletproof hosting service




