Skip to content

U.S. Indicts Three Russians and Two Bulletproof Hosting Companies Over $62M in Cybercrime Losses

The U.S. Justice Department has unsealed an indictment charging three Russian nationals and two St. Petersburg-based companies over an alleged bulletproof hosting operation that caused more than $62 million in losses to cybercrime victims.

The defendants are Alexander Alexandrovich Volosovik, Kirill Andreevich Zatolokin, Yulia Vladimirovna Pankova, Media Land LLC, and ML.Cloud LLC. The indictment was returned in December 2024 and unsealed on July 14, 2026, in the Northern District of Ohio.

Prosecutors charged the defendants with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering.

Companies Allegedly Provided Bulletproof Hosting

Media Land and ML.Cloud allegedly supplied servers and related internet services designed to allow cybercriminal customers to conduct illegal activity while avoiding detection and disruption by law enforcement.

The companies are accused of providing bulletproof hosting infrastructure that allowed criminal groups to infect computers with ransomware and malware, extort victims for cryptocurrency, operate criminal marketplaces, register fraudulent domains, and launch phishing and brute-force attacks.

Media Land was owned by Volosovik, while ML.Cloud was owned by Pankova at the time of the investigation and indictment. Zatolokin allegedly worked for Media Land, collecting customer payments and coordinating with other malicious cyber actors.

Although the companies were headquartered in St. Petersburg, Media Land allegedly operated infrastructure in several countries, including China, Finland, the Netherlands, and the United States.

Banks, Hospitals and Government Entities Targeted

The Justice Department says criminal groups using the defendants’ infrastructure targeted 42 victims across 21 U.S. states.

The affected organizations included banks, schools, hospitals, government entities, media companies, and other institutions supporting communities and critical services.

Rewards for Justice says Media Land supplied services to multiple malicious cyber actors, including the LockBit, BlackSuit, and Play ransomware groups. The infrastructure was also allegedly used for distributed denial-of-service attacks, phishing campaigns, criminal forums, and online marketplaces.

The State Department says the operation supported hundreds of malicious cyber activities between 2016 and 2024, contributing to tens of millions of dollars in damages.

Up to $10 Million Reward Offered

Alongside the indictment, the State Department’s Rewards for Justice program announced an offer of up to $10 million for actionable information involving the defendants and their alleged activities.

The reward applies to information on foreign government-linked associates of Volosovik, Zatolokin, and Pankova, their malicious cyber activity, or foreign government-linked use of Media Land and ML.Cloud.

The program is also offering possible relocation for qualifying sources who provide actionable information.

Volosovik allegedly advertised Media Land on cybercriminal forums under the alias “Yalishanda,” promoting services designed to conceal malicious traffic, domains, and IP addresses. Rewards for Justice says he also supplied servers and troubleshooting assistance to ransomware and distributed denial-of-service actors.

Defendants Previously Sanctioned

The defendants and companies were previously targeted through coordinated U.S., U.K., and Australian sanctions announced in November 2025.

The sanctions included Volosovik, Zatolokin, Pankova, Media Land, ML.Cloud, Media Land Technology, and Data Center Kirishi.

U.S. sanctions generally block property and financial interests under American jurisdiction and prohibit U.S. persons from conducting unauthorized transactions with designated individuals and entities.

The criminal investigation was led by the FBI’s Cleveland Division with assistance from CISA and the Treasury Department’s Office of Foreign Assets Control. Authorities in the Netherlands, United Kingdom, and Australia also supported the investigation.

The case forms part of Operation Riptide, an FBI campaign targeting cybercriminal actors, infrastructure providers, and financial networks supporting ransomware, fraud, and other cyber-enabled crime.

Latest