A Russian “Bulletproof Hosting” Network Kept Ransomware and Phishing Schemes Online, Prosecutors Say
Three Russian nationals are accused of running an internet hosting network that helped cybercriminals keep ransomware, phishing, malware, and data-theft operations online.
Federal prosecutors say the case involves more than $62 million in losses to victims in 21 U.S. states and several other countries. The alleged victims included banks, schools, hospitals, government entities, media companies, and organizations tied to critical infrastructure.
The defendants are Alexander Alexandrovich Volosovik, 43, Kirill Andreevich Zatolokin, 34, and Yulia Vladimirovna Pankova, 29, all of St. Petersburg, Russia.
The indictment also names Media Land LLC and ML.Cloud LLC, two St. Petersburg-based companies prosecutors say provided “bulletproof hosting” services to criminal customers.
The Case Centers on Cybercrime Infrastructure
The U.S. Attorney’s Office for the Northern District of Ohio said the indictment was unsealed after a seven-year investigation.
Prosecutors say the defendants supplied server infrastructure and technical support that allowed other cybercriminals to carry out attacks while avoiding detection.
Prosecutors say the companies provided infrastructure for computer servers and internet services, including systems that operated in the United States, China, Finland, the Netherlands, and other locations.
The government alleges the companies knowingly marketed or leased that infrastructure to cybercriminals.
The Alleged Victims Reached 21 States and Several Countries
Federal officials said 42 victims in 21 states were targeted by criminal groups that used Media Land’s and ML.Cloud’s services.
Ohio victims were located in Akron, Brookfield, Canton, Cleveland, Elyria, Findlay, Medina, Solon, and Valley View.
Prosecutors also listed victims in California, Florida, Georgia, Illinois, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, New York, North Carolina, Pennsylvania, Texas, Virginia, Washington, Wisconsin, and other states.
International victims were located in Australia, the European Union, the United Arab Emirates, Canada, and the United Kingdom.
The Charges Include Fraud, Money Laundering, and Computer Crime Counts
The indictment charges the defendants with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering.
The companies Media Land and ML.Cloud were also named in the indictment. Prosecutors say the alleged conduct caused tens of millions of dollars in losses.
The DOJ release places the total victim losses at more than $62 million, while also describing the case as part of a broader effort to disrupt the infrastructure that allows cybercrime to scale.
The State Department Is Offering a $10M Reward
The U.S. Department of State’s Rewards for Justice program is offering up to $10 million and possible relocation for actionable information connected to the defendants, foreign government-linked associates, or malicious cyber activity involving Media Land or ML.Cloud.
U.S. sanctions were announced in November 2025 against the defendants and companies.
The United Kingdom and Australia also joined sanctions activity connected to Media Land, ML.Cloud, and related entities, according to the DOJ.
Ransomware and Phishing Risk Often Starts Outside the Victim’s Network
Attackers often rely on outside infrastructure, including domains, hosting providers, email systems, malware servers, and cryptocurrency services, to keep campaigns running and make takedowns harder.
Organizations can reduce exposure by monitoring for suspicious logins, training employees to report phishing, using multifactor authentication, patching internet-facing systems, limiting remote access, segmenting networks, and keeping offline backups that cannot be reached from the main network.
Cyber incidents should be reported quickly to the organization’s security team, insurers, affected banks or vendors, and law enforcement. Ransomware and major cyber incidents can be reported to the FBI’s Internet Crime Complaint Center at IC3.gov and to CISA through its incident reporting channels at cisa.gov/report.