Media Land, Alexander Volosovik (left) and Yulia Pankova (right)
Alexander Volosovik and Yulia Pankova, sanctioned as key figures behind Media Land, a 'bulletproof' hosting service for ransomware gangs. US Department of the Treasury

A covert Russian tech company named Media Land, accused of providing the digital infrastructure for notorious ransomware gangs, has been sanctioned by the UK, US, and Australia. These measures target its role in cyber-attacks that cost the UK an estimated £14.7 billion last year.

Announced on 19 November, the coordinated sanctions mark a significant escalation in the fight against cybercrime infrastructure. Western governments are shifting focus from individual hackers to dismantling entire business networks that provide safe havens for cybercriminals.

The 'Bulletproof' Hosting Business

At the core of Media Land's operations is a service known as 'bulletproof' hosting. Unlike legitimate web hosting providers that comply with law enforcement requests to remove malicious content, these services are deliberately non-cooperative. They offer a digital sanctuary for illegal activities, enabling cybercriminals to operate with impunity.

Media Land's business model was built on providing servers and online infrastructure designed to resist takedown attempts. This allowed some of the world's most notorious cybercrime syndicates to carry out operations such as ransomware attacks and phishing campaigns against critical infrastructure and British taxpayers.

According to a UK government press release, gangs using Media Land's services have been linked to crippling ransomware attacks on the UK's national infrastructure, including telecommunications, and have been involved in large-scale phishing schemes. These operations have left British businesses and citizens to deal with the fallout.

The Key Figures Behind Media Land

From its headquarters in St. Petersburg, Russia, Media Land was more than just a rogue hosting service; it was a structured corporate network catering to a global client base of digital extortionists.

The US Treasury names Alexander Volosovik as the ringleader. Using the alias 'Yalishanda', he allegedly acted as the firm's public face on criminal forums, personally advertising its illicit services. He was also alleged to be involved in troubleshooting servers used for ransomware and DDoS attacks against US infrastructure.

Sanctions reveal a web of related companies, including sister firm ML Cloud, often used alongside Media Land's infrastructure for attacks. The enterprise also comprised subsidiaries, such as Media Land Technology and Data Center Kirishi, showing a sophisticated corporate structure.

A small circle of associates managed daily operations. Kirill Zatolokin worked closely with Volosovik on strategy and handled payments from clients. Notably, the US Treasury states that Yulia Pankova, who managed finances and legal issues, was aware of the illicit activities, indicating key staff's knowing complicity.

This corporate camouflage and dedicated personnel enabled Media Land to apparently provide the technical backbone for cyber gangs like LockBit, BlackSuit, Evil Corp, and Play, fuelling a global wave of digital extortion.

Media Land employee Kirill Zatolokin
Sanctioned Media Land employee Kirill Zatolokin, reportedly responsible for collecting payments, poses in a company logo T-shirt, highlighting the firm’s ties to the criminal underworld. US Department of the Treasury

Global Crackdown on Russia's Cyber Havens

The sanctions represent a coordinated effort by the UK, US, and Australia to target the foundations of the cybercrime economy. According to the UK government, Russia's role as a 'safe haven' for these syndicates compels Western nations to use economic measures where traditional law enforcement falls short.

Foreign Secretary Yvette Cooper emphasised the importance of the action: 'Cyber criminals think they can act in the shadows, targeting hardworking British people and ruining livelihoods with impunity. But they are mistaken – together with our allies, we are exposing their dark networks and going after those responsible.'

The operation also highlights the challenge of sanctions evasion. Authorities targeted Aeza Group, another Russian bulletproof host that attempted to hide its infrastructure after previous sanctions. It created front companies—including UK-registered Hypercore Ltd., as well as shell firms in Serbia and Uzbekistan—to continue its illegal activities.

Dismantling the Cybercriminal Ecosystem

This coordinated takedown signals a strategic shift: Western powers are no longer merely pursuing individual hackers but are working to dismantle entire cybercrime ecosystems, from key ringleaders to corporate shields.

With cyber-attacks costing the UK economy £14.7 billion last year, the message is clear: enabling cybercrime now carries a substantial price.

Writer's pick