Trump's first sanctions? US, UK and Australia impose restrictions on Russian cyber group

Zservers is reported to provide secure hosting services, which are used by cybercriminals to evade detection by law enforcement agencies. One of Zservers' clients was the hacker group LockBit, one of the most active ransomware operators on the internet.

LockBit's victims included tire manufacturer Continental, aerospace corporation Boeing, and the Subway restaurant chain. Last summer, one of LockBit's suspected accomplices was detained in Ukraine.

It is noted that Zservers knowingly provided infrastructure for carrying out cyberattacks, including IP addresses for coordinating and launching ransomware attacks.

Full list of those sanctioned today:

• ZSERVERS
• XHOST Internet Solutions LP
• Aleksandr Bolshakov (employee)
• Aleksandr Mishin (employee)
• Ilya Sidorov (employee)
• Dmitriy Bolshakov (employee)
• Igor Odintsov (employee)
• Vladimir Ananev (employee)

The US sanctions include asset freezes and a ban on transactions. Banks and other financial institutions also risk secondary sanctions if they continue to cooperate with the sanctioned individuals and entities.

Interestingly, these are the first sanctions related to the Russian Federation imposed by the US during Donald Trump's second presidential term.

Background

LockBit is a Russian ransomware group that was first identified in 2019. In 2023, the US Department of Justice charged Russian national Ruslan Astamirov, who was part of the LockBit hacking group.

Previously, law enforcement agencies from the US, the UK, and Europol conducted an operation against LockBit cybercriminals.

It was later revealed that the Security Service of Ukraine (SSU) was also involved in exposing the Russian hackers.