US Indicts Russian Bulletproof Hosting Provider Media Land and Three Operators
- Indictment Unsealed: The U.S. Attorney's Office for the Northern District of Ohio charged three Russian nationals over $62 million in cybercrime losses.
- Bulletproof Hosting: Media Land and ML.Cloud are accused of providing infrastructure supporting ransomware, malware, phishing, and DDoS attacks.
- Reward Offered: The State Department's Rewards for Justice program is offering up to $10 million for actionable information.
The U.S. Department of Justice unsealed an indictment on July 14, 2026, charging three Russian nationals and two companies and subsidiaries for international cybercrimes that caused more than $62 million in losses to victims across 20+ U.S. states and several other countries. The charges are the result of a seven-year FBI investigation.
Defendants and Charges in the Northern District of Ohio
A federal grand jury returned the indictment in December 2024, charging three individuals and two entities from St. Petersburg, Russia, on charges that include Conspiracy to Commit and Aid and Abet Computer Fraud, Conspiracy to Commit Wire Fraud, Wire Fraud, and Conspiracy to Commit Money Laundering:
- Alexander Alexandrovich Volosovik, 43 – alias "Yalishanda," owned Media Land.
- Kirill Andreevich Zatolokin, 34 – collected payments and coordinated services with cybercriminal clients.
- Yulia Vladimirovna Pankova, 29 – owned ML.Cloud.
- Media Land, LLC – with subsidiaries Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi).
- ML.Cloud, LLC – Media Land’s sister company.
Bulletproof Hosting Powered Ransomware and Phishing
According to court documents, Media Land and ML.Cloud, both based in St. Petersburg, with infrastructure also operating out of China, Finland, the Netherlands, and the U.S., provided covert "bulletproof hosting" services for:
- malware and ransomware,
- extortion,
- criminal marketplaces,
- fraudulent domain registrations,
- DDoS attacks,
- phishing,
- brute force attacks.
Supporting LockBit, BlackSuit, and Play Ransomware
According to documents, Media Land's services were used by ransomware groups including LockBit, BlackSuit, and Play, along with cybercrime marketplaces, such as:
- Briansclub,
- Cardhouse,
- crdclub,
- Club2,
- Verified,
- Fullzinfo,
- Swipestore,
- Bidencash.
Victims included “banks, schools, government entities, hospitals, and media companies,” as per U.S. Attorney David M. Toepfer for the Northern District of Ohio, in at least 20 states, plus Australia, the EU, the UAE, Canada, and the U.K.
The State Department's Rewards for Justice program is offering up to $10 million and possible relocation for information on the defendants' foreign government ties or activities. Russia has no extradition treaty with the U.S., so the defendants are unlikely to face trial unless they leave Russia.
July 13, 2026, also sanctioned targeted Russia-related VKontakte over FSB-linked MaxApp surveillance, Lumma Stealer operators, and GRU officers.







