US, UK Sanction Russian Zservers Over LockBit Ransomware

Governments in the United States, the UK, and Australia have simultaneously imposed restrictions on Zservers, a Russian-based service of hosting services used by the infamous LockBit group and another ransomware hackers.

Zservers and six of its employees are now listed on the Specially Designated Nationals ( SDN) list by the U.S. Office of Foreign Assets Control, which prohibits US-based companies from conducting business with them.

The UK’s Foreign Commonwealth and Development Office has also imposed restrictions on XHOST Internet Solutions LP, the top business for Zservers in the country, which reportedly advertises itself to cybercriminals as a provider of armored opening, or BPH, services.

As a BPH service, Zservers is reported to sponsor hackers, misconceptions, child exploitation material, spam and hate speech, with Zservers and comparable companies selling criminals tools which can cover their locations, activities and identities.

According to a report from Chainalysis, “multiple various ransom affiliates” sent money to Zservers, including LockBit, which was disbanded in February last year after using ransomware attacks to extort$ 120 million in Bitcoin from victims.

contacted Chainanalysis for comment, but they did not respond right away.

In fact, it was a 2022 search of a known LockBit affiliate that led to Zservers. A laptop running a virtual machine connected to a Zservers IP address was discovered by Canadian authorities at the time.

The Zservers also cashed out funds at various other KYC-free exchanges as well as the already OFAC-sanctioned Garantex exchange, according to the chainalysis data.

In total, Zservers ‘ interactions with the ransomware-linked actors accounted for$ 5.2 million in on-chain activity, according to Chainalysis.

The US and UK governments have welcomed the news of US and UK sanctions against Zservers as a blow to international ransomware gangs, which “almost exclusively” request payment in crypto, according to the FATF.

” Today’s trilateral action with Australia and the United Kingdom underscores our collective resolve to disrupt all aspects of this criminal ecosystem, wherever located, to protect our national security”, said Bradley T. Smith, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence.

According to Dan Jarvis, the UK’s minister of state for security, Russian-affiliated cybercrime gangs are among” the most harmful cyber threats” the country currently faces.

Giving cybercriminals the tools of their trade makes them less likely to seriously harm the UK, he said.

According to the most recent data, ransomware attacks are becoming more frequent but are causing less financial harm.

This was the conclusion of Chainalysis ‘ 2025 Crypto Crime Report, which recorded a 35 % year-on-year decline in the total volume of ransomware payments, from a record$ 1.25 billion in 2023 to$ 813.55 million last year.

Yet it also revealed an increase in ransomware events (attacks or leaks ) in H2 2024, with 56&nbsp, data leak sites appearing across the year, more than double the number in 2023.

The UK National Cyber Security Centre predicted in January 2024 that AI will increase ransomware attacks globally over the next two years.

One group, known as FunkSec, has been using generative AI to write its code, and was responsible for 103 separate attacks in December 2024 alone, making it the most active ransomware group that month.