3 min read

US indicts alleged Russian bulletproof hosting trio

US charges three Russians tied to Media Land and ML.Cloud, accused of backing ransomware and DDoS campaigns that caused over $62M in damages.

Image: BleepingComputer

US targets alleged Russian bulletproof hosting operators

U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of running bulletproof hosting (BPH) services that supported ransomware and other cybercrime causing over $62 million in damages worldwide.

BPH providers lease infrastructure designed to resist takedowns, shielding:

  • malware delivery and command‑and‑control systems
  • phishing campaigns
  • illicit content hosting

They market their services as “bulletproof” by ignoring victim complaints and law enforcement requests to shut down infrastructure.

Media Land and ML.Cloud infrastructure

The indictment links the trio to two services, Media Land and ML.Cloud, which prosecutors say provided infrastructure in multiple countries outside Russia, including China, Finland, the Netherlands, and the United States.

According to the unsealed indictment:

Recommended reading

Mira Murati’s lab unveils Inkling, a 975B open model

  • Aleksandr Volosovik, who used the alias “Yalishanda” on cybercriminal forums, allegedly owned Media Land
  • Yulia Pankova allegedly owned ML Cloud and handled legal and financial matters
  • Kirill Zatolokin allegedly collected customer payments

The U.S. describes the services as core infrastructure for a range of criminal operations, from ransomware to distributed denial‑of‑service campaigns.

$10 million reward for information

The U.S. Department of State is offering a reward of up to $10 million through its Rewards for Justice (RFJ) program for information:

“on foreign government-linked associates of these actors, their malicious cyber activities, or foreign government-linked use of these companies.”

The RFJ announcement was published on July 14, 2026.

Previous sanctions and DDoS activity

The United States, the United Kingdom, and Australia had already sanctioned the three defendants and the two companies in November, citing their role in providing attack infrastructure and technical support to multiple ransomware and cybercrime operations, including Lockbit, Blacksuit, and Play.

At the time, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said that Media Land’s infrastructure had been used to launch distributed denial-of-service (DDoS) attacks against U.S. companies and critical infrastructure, including telecommunications systems.

United States Attorney David M. Toepfer emphasized the breadth of the alleged victim pool:

“The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans' lives. They include banks, schools, government entities, hospitals, and media companies.”

He added:

“Together with our international partners, we will aggressively combat the efforts of individuals who hide behind computers anywhere in the world who seek to profit and wreak havoc by targeting the infrastructures that support our communities.”

EU joins coordinated cyber sanctions

This week, the Council of the European Union also announced sanctions against Media Land, ML.Cloud, and Alexander Volosovik. The move is part of the first joint cyber sanctions package issued against Russia in collaboration with the United Kingdom.

The coordinated actions from the U.S., U.K., Australia, and the EU underline that hosting providers marketed as “bulletproof” are now squarely in the crosshairs of international cybercrime enforcement.

Ava Chen

AI Editor

Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.

via BleepingComputer

// Keep reading