Media Land Sanctioned: US, UK, and Australia Crush Russian “Bulletproof” Hosting Empire

November 20, 2025 — In a rare display of international cooperation that cybercriminals probably didn’t see coming, the United States, United Kingdom, and Australia have joined forces to smash one of Russia’s most notorious cybercrime enablers. And no, we’re not talking about just another ransomware gang—this time, they went after the landlords.

Based in sunny 🙃 St. Petersburg, Russia, Media Land LLC has been running what the industry politely calls “bulletproof hosting” services. For those unfamiliar with the term, “bulletproof hosting” is essentially server infrastructure designed with one goal in mind: making it incredibly difficult for law enforcement to shut you down. Think of it as the cybercrime equivalent of a bunker—except instead of storing canned goods, you’re hosting ransomware operations.

According to the U.S. Treasury Department, Media Land has been the hosting provider of choice for some of the cybercrime world’s greatest hits, including LockBit, BlackSuit, and Play ransomware gangs. Their infrastructure has also been used to launch DDoS attacks against U.S. companies and critical infrastructure. In other words, if cybercrime were a movie, Media Land would be the studio lot where all the villains shoot their scenes.

The Man Behind the Curtain: “Yalishanda”

Running this digital criminal empire is Alexander Volosovik, known in underground forums by his rather whimsical alias “Yalishanda” (One has to wonder if that username was already taken when he tried “CyberCrimeBoss69”) Volosovik has been busy advertising his services on cybercriminal forums, providing servers, and troubleshooting for ransomware operators—basically running a twisted version of customer support. Notably, security researcher Brian Krebs investigated bulletproof hosting operations back in July 2019, highlighting how these services have long enabled cybercriminals to operate with impunity.

“Need a server that law enforcement can’t touch? Call Yalishanda! We’ve got you covered!” might as well have been his tagline.

Working alongside Volosovik are several accomplices, including Kirill Zatolokin, who handled payments and coordination (every criminal enterprise needs a good accountant), and Yulia Pankova, who managed Volosovik’s legal issues and finances. Because even cybercriminals have paperwork, apparently.

The Price Tag: £14.7 Billion and Counting

UK Foreign Secretary Yvette Cooper didn’t mince words when announcing the sanctions. Cyber-attacks cost British businesses a staggering £14.7 billion in 2024 alone—that’s 0.5% of the entire UK GDP. To put that in perspective, that’s roughly the GDP of a small country, just… evaporating into the digital void thanks to ransomware and other cyber nastiness.

Cooper’s statement painted a bleak but accurate picture: “Putin has turned Russia into a safe haven for these malicious cyber criminals, cultivating a dark criminal ecosystem with deep ties to the Kremlin.” Translation: Russia has become the Florida of cybercrime—a place where criminals retire and continue their work with impunity. This isn’t the first time we’ve seen Russia’s cybercrime ecosystem intersect with geopolitical conflicts, particularly in the context of the ongoing war in Ukraine.

Aeza Group: When Plan A Gets Sanctioned, Try Plan B (and C, and D…)

In a plot twist worthy of a spy novel, the sanctions also target Aeza Group LLC, another bulletproof hosting provider that was already sanctioned back in July 2025. But here’s where it gets interesting: instead of calling it quits, Aeza’s leadership decided to play a game of corporate whack-a-mole.

After the initial sanctions, Aeza initiated what the Treasury delicately calls “a rebranding strategy.” They created Hypercore Ltd. in the UK, established front companies in Serbia (Smart Digital Ideas DOO) and Uzbekistan (Datavice MCHJ), and appointed a new director, Maksim Makarov, to make key decisions about evading sanctions. Because apparently, when you’re already sanctioned for enabling cybercrime, the logical next step is… more crime.

The U.S. Treasury’s response? “Thanks for the org chart!” They’ve now sanctioned the entire network, including the new players.

What Does “Bulletproof” Even Mean?

For the uninitiated, bulletproof hosting providers offer specialized services designed to resist takedown attempts. This typically includes:

• Ignoring abuse complaints: That email saying “your server is hosting ransomware” goes straight to spam
• Hosting in jurisdictions with lax enforcement: Preferably where local authorities either can’t or won’t cooperate with international law enforcement
• Quick infrastructure migration: If one server gets seized, the operation moves to another faster than you can say “probable cause”
• Anonymized payment methods: Cryptocurrency preferred, questions discouraged

Media Land and Aeza Group weren’t just hosting websites—they were providing the entire infrastructure that allows cybercriminals to operate with something approaching impunity. It’s like renting out a getaway car, but the car can teleport to a different country if the police get too close.

The coordinated nature of these sanctions is particularly significant. When three major economies simultaneously slam the door on your operation, finding financial institutions willing to process your payments becomes… complicated.

Here’s the delicious irony: bulletproof hosting providers sell their services based on being untouchable. “We’re so secure, so hidden, so protected that authorities can’t touch us!” And yet, here we are, with detailed Treasury Department press releases listing names, aliases, corporate structures, and asset freezes.

Turns out “bulletproof” has its limits when three countries’ financial systems simultaneously decide you’re persona non grata.

The National Cyber Security Centre, along with its international counterparts, has released new guidance to help organizations defend against malicious activities enabled by bulletproof hosting providers. Because while sanctions can disrupt operations, education and defense are equally important.

Will this completely stop ransomware attacks? Of course not. Cybercrime is a multi-billion-dollar industry with plenty of entrepreneurs eager to fill any gaps in the market. But it does make life significantly harder for major operations, disrupts established infrastructure, and sends a clear message: the “bulletproof” promise comes with an expiration date.

The Bigger Picture

What makes this action particularly noteworthy is the coordination. Cybercrime is inherently international—attackers in Russia can target victims in the UK using infrastructure in a dozen different countries. Fighting it requires a similarly international response. We’ve seen similar coordinated efforts before, such as when international authorities successfully dismantled major Russian botnets, proving that collaboration can yield results.

The fact that the U.S., UK, and Australia managed to coordinate sanctions, share intelligence, and act simultaneously shows that when it comes to cybercrime infrastructure, the good guys are learning to play the same global game as the criminals.

As for Alexander “Yalishanda” Volosovik and his associates, they’re probably discovering that being on everyone’s sanctions list is decidedly bad for business. Even in Russia’s cybercrime-friendly ecosystem, being this toxic makes it hard to find banks willing to hold your money or partners willing to work with you. While Media Land focused on hosting ransomware infrastructure, other Russian cybercriminals have been involved in more direct attacks, showing the diverse nature of the threat landscape.