Russian Hosting Provider ‘Media Land’ Sanctioned for Supporting LockBit, BlackSuit, and Play Ransomware
Published on November 20, 2025
Key Takeaways
- International action: U.S., U.K, and Australia sanctioned Media Land LLC, a Russian bulletproof hosting provider, for its role in enabling global cybercrime.
- Entities targeted: The sanctions target Media Land, its leadership, and affiliated companies for supporting notorious ransomware groups.
- Cybercrime nexus: The provider is accused of providing infrastructure to notorious ransomware actors.
The United States, the United Kingdom, and Australia have announced sanctions against Media Land LLC, a Russian bulletproof hosting (BPH) provider. The action, led by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), targets the company for providing essential services to criminal marketplaces and ransomware actors.
Key Individuals and Companies Implicated in Media Land Cybercrime
Media Land LLC is accused of providing BPH services that helped Lockbit, BlackSuit, Play, Evil Corp, Black Basta, and other threat actors carry out multiple distributed denial-of-service (DDoS) attacks against U.S. companies and critical infrastructure.
The sanctions extend beyond Media Land to include key figures within its leadership and several sister companies.
- Aleksandr Volosovik, the general director of Media Land, was specifically named for his alleged role in advertising the company's illicit services on cybercrime forums under the alias “Yalishanda,” providing servers and troubleshooting for ransomware and DDoS actors.
- Kirill Zatolokin and Yulia Pankova were also designated for their operational and financial support roles, including collecting payments and assisting Volosovik with legal matters.
- The ML Cloud sister company, whose technical infrastructure was allegedly used in ransomware and DDoS attacks as well.
- Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi), which are 100 percent-owned subsidiaries of Media Land.
The designations effectively block all property and interests of these individuals and entities within U.S. jurisdiction.
These Russian bulletproof hosting sanctions are part of a wider indictment that included sanctions against Aeza Group for providing bulletproof services to the Social Design Agency – a Russian disinformation agency sanctioned by the U.K. in 2024 for its “attempts to destabilise Ukraine and undermine democracies globally.”
“Putin has turned Russia into a safe haven for these malicious cyber criminals, cultivating a dark criminal ecosystem with deep ties to the Kremlin,” the British government press release said.
Broader Implications of International Cybersecurity Measures
Bulletproof hosting services are critical for threat actors, offering specialized servers and infrastructure designed to resist takedowns and hide malicious activity. In conjunction with the sanctions, the Five Eyes nations also released guidance for organizations on defending against the risks posed by BPH providers.
A BlackSuit Ransomware takedown in August disabled 9 domains and 4 servers, seizing $1 million. In March, hackers targeted enterprise networks with BlackSuit ransomware via a trojanized Zoom installer.
A recent intrusion analysis revealed an overlap in RansomHub, DragonForce, and Play ransomware operations.
The U.K. in 2024 unmasked a high-ranking affiliate of the notorious LockBit ransomware group and the alleged leader of Evil Corp, Maksim Yakubets, who is tied to Russia's state-backed cyber activities.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular