US unseals charges, offers $10M reward for info on Russian hackers behind bulletproof hosting empire
Three Russian nationals allegedly ran hosting services that enabled ransomware attacks across 21 states, causing an estimated $62 million in losses
The US Department of Justice unsealed an indictment against three Russian nationals on July 14, charging them with conspiracy to commit computer fraud, wire fraud, and money laundering. The trio allegedly operated “bulletproof” hosting services that enabled ransomware attacks hitting victims in 21 states.
The US State Department simultaneously announced a $10 million reward for information leading to the identification or location of the defendants.
The infrastructure behind the attacks
The indictment, filed in the Northern District of Ohio, names Alexander Volosovik, Kirill Zatolokin, and Yulia Pankova as the operators behind Media Land and ML.Cloud. These companies allegedly provided bulletproof hosting, a type of service specifically designed to resist law enforcement takedown requests and shield criminal clients from accountability.
The victims of the attacks facilitated through these services reportedly include banks, schools, government entities, hospitals, and media companies. Financial losses tied to the operations are estimated at $62 million, spread across targets in more than two dozen states.
Bulletproof hosting operators don’t usually launch the attacks themselves. They host the command-and-control servers, store the malware payloads, and keep the lights on for ransomware gangs who do the actual extortion. Prosecuting infrastructure providers rather than just the trigger-pullers is a deliberate strategic choice by US authorities.
A broader crackdown on ransomware networks
The $10 million reward comes through the State Department’s Rewards for Justice program, which has increasingly been deployed against cyber threats alongside its traditional use for counterterrorism intelligence.
Sanctions against other cybercriminal enablers have accompanied similar indictments in recent years, creating a layered enforcement approach that targets not just individuals but the financial rails they use.
What this means for crypto markets and investors
Ransomware payments have historically been demanded in Bitcoin and, increasingly, in privacy-focused coins. The Treasury Department’s Office of Foreign Assets Control has previously sanctioned crypto addresses and mixing services tied to ransomware proceeds.
Indictments against Russian nationals create legal barriers that restrict the defendants’ ability to travel, access Western financial systems, or operate openly. Extradition from Russia is essentially impossible, limiting practical enforcement value.