US charges three Russians for operating “bulletproof” hosting services that aided major ransomware gangs in stealing $62 million.
In a massive, coordinated blow against the backbone of global digital extortion, federal prosecutors have unsealed a major criminal indictment targeting the vital infrastructure that keeps hackers online. On Tuesday, July 14, 2026, the U.S. Department of Justice publicly charged three Russian nationals and their two St. Petersburg-based web hosting companies for operating “bulletproof” hosting networks. The specialized services acted as a digital haven, purposefully shielding prolific ransomware gangs, phishing operators, and carding marketplaces from international law enforcement. By intentionally ignoring abuse complaints and rapidly shifting malicious servers across borders, the defendants allegedly enabled cybercriminals to steal over $62 million from critical infrastructure, healthcare systems, and everyday victims.
The legal action, filed in the U.S. District Court for the Northern District of Ohio, names Alexander Alexandrovich Volosovik, Kirill Andreevich Zatolokin, and Yulia Vladimirovna Pankova as the masterminds behind Media Land LLC and ML.Cloud LLC. Unlike legitimate hosting providers that quickly suspend clients engaged in illegal activity, these “bulletproof” companies catered exclusively to threat actors. Their distributed infrastructure spanned multiple jurisdictions, including China, the Netherlands, Finland, and even the United States. This vast footprint allowed criminal organizations to deploy notorious ransomware strains like LockBit, BlackSuit, and Play, as well as host black-market hubs specializing in stolen financial data. The federal indictment charges the trio with conspiracy to commit computer fraud, wire fraud, and money laundering.
The primary motivation explaining why these web hosts operated is simple: profit, bolstered by geopolitical immunity. Operating out of Russia, which historically has not extradited its citizens to the West, the defendants offered technical support and guaranteed uptime to hackers in exchange for a cut of the illicit proceeds. In response, the U.S. State Department’s Rewards for Justice program has announced a bounty of up to $10 million for information leading to their arrest or linking them to foreign governments. The charges represent a significant milestone for “Operation Riptide”, the FBI’s ongoing campaign to dismantle the physical server networks that threat actors systematically rely on to launch their devastating attacks.
See Also: Microsoft Blocks Windows 11 Update on Dell PCs Over Serious Overheating Bug
The unsealing of this case comes after an exhaustive, seven-year investigation led by the FBI and international partners, including the United Kingdom’s National Cyber Crime Unit and authorities in the Netherlands. Because these companies were previously sanctioned in late 2025, this criminal indictment marks a major escalation from financial blacklist to active criminal pursuit. While physical arrests remain unlikely unless the defendants travel outside of Russia, the public unmasking of their infrastructure severely degrades their ability to conduct business with global credit networks and data centers.

