On February 11, 2025, The United States Department of the Treasury's Office of Foreign Assets Control (OFAC), The United Kingdom's Foreign Commonwealth and Development Office (FCDO), and Australia's Depore of Foreign Affairs and Trade (DFAT) Russia-Based BulletProof Hosting (BPH) Provider Services, For Its Role in Supporting Ransomware Attacks by the Lockbit Ransomware Gang. Lockbit, which Historically has been one of the Most Prolific Ransomware-As-A-Service (Raas) Groups, was disrupted in a large, coordinated us-uk takedown last february that is still having a meaningful impact in the ransomware space.
Bph providers allow customers to pay for web hosting anonymously, and are generally lenient on the content they allow customers to host. While Many Website Creators Have Good Reason to Remain Anonymous, Bph Providers Naturally Attract Controversial Or Even Criminal Users. For instance, Darknet Markets, Facilitating Prostitution and Sex Trafficking sites, and phishing sites set up to steal customers 'information by mimicking legitimate business' Websites often rely on bulletproof hosting providers to stay up and running.
Below, we'll look at zervers' on-chain activity and more information about why the group was sanctioned.
Zervers: a key enabler of ransomware operations
OFAC Added Two Russian Nationals, Aleksandr Sergeyeevich Bolshakov and Alexander Igorevich Mishin (Including one cryptocurrency Addressed with Him), and zervers Itself (Including 3 Cryptocurrency Addresses Associated with it) ) List. OFAC's Designation also included alias that were used to advertise zervers' services on darkweb forums.
In its designation notice, the uk goverment characterized zervers as “a key component of the russian cybercrime supply chain” that “provids vital infrastructure for cybercriminals asy plan and execute attack against the uk.” In Addition to Bolshakov and Mishin, Fcdo and Dfat also Designated Four Additional Zservers Employees, as well as its uk front company, xhost internet solutions LP. Ransomware Attacks in the UK, Including Those Targeting Hospitalles, Have Been A persist Priority for Cybersecurity Policy.
Zervers has servers in Russia, Bulgaria, The Netherlands, The United States, and Finland, and Offers Server Admin, Support, Equipment, and Custom Configuration Services, According to its Homepage.
Zervers' on-chain activity
In the Chainalysis Reactor Graph below, Which Captures a Portion of Zservers' Direct Exposure to Illicit Actors, We see that a variety of actors have smells to zervers for their services, such as ransomware groups and affiliates. For example, multiple different ransomware affiliates – beyond lockbit, the only group cited in today's designations – smells to zervers. Chainalysis Data Shows that zervers has cashed out at OFAC-Sanctioned Guarantx, Mercant Services, and No-KYC EXCHANGES. In Addition to zservers' nested infrastructure, we are able to use reactor to visualize its at least $ 5.2 million in on-chain activity and thorough connectivity to the high-risk and illegit entities described in today's design.
Law Enfurcement Collaboration To Disrupt Ransomware Gangs
TODAY's Coordinated Sanctions Against Zervers Highlight The Critical Role Played by International Law Enforceration Cooperation in Combating Ransomware and disrupting infrastructure providers who facilitate on-chain cybercrime. By combining resources and intelligence, Law Enforcies agencies can effectively dismantle these complex cybercriminal networks that operate across borders.
This website contains links to third-party sites that are not the control of chainalysis, Inc. or its affiliates (Collectively “Chainalysis”). Access to Such Information DES NOT IMPLY ASSOCIATION With, Endorsment of, Approval of, or Recommendation by Chainalysis of the site or its operators, and chainalysis is not responsible for the product, services, or other content hosted there.
This Material is for Informational Purposses Only, and is not intended to provide Legal, Tax, Financial, or Investment Advice. Should Should Consult Their Own Advisors Before Making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with container's use of this material.
Chainalysis dues not guaranto or warrant the accuracy, Completeness, Timeliness, follow -up or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such matterial.
