
A seven-year investigation has culminated in criminal charges against three Russian nationals accused of operating a "bulletproof hosting" network that enabled ransomware, phishing, malware, and other cybercriminal operations responsible for more than $62 million in victim losses.
The indictment, unsealed this week by the U.S. Department of Justice, alleges the defendants provided specialized internet infrastructure to help cybercriminals avoid detection and remain online despite repeated complaints of abuse and law enforcement efforts.
Unlike legitimate hosting providers, bulletproof hosting (BPH) services intentionally cater to cybercriminals.
These providers typically ignore abuse complaints, shield customers' identities, rapidly move malicious infrastructure between servers, and make it difficult for authorities to shut down criminal operations.
Bulletproof hosting has become a key enabler of modern cybercrime. Instead of creating malware themselves, operators sell resilient infrastructure that allows ransomware affiliates, phishing kits, botnets, credential theft campaigns, and information stealers to remain operational for longer.
The indictment alleges Alexander Alexandrovich Volosovik (43), Kirill Andreevich Zatolokin (34), and Yulia Vladimirovna Pankova (29), all from St. Petersburg, operated two companies—Media Land LLC and ML.Cloud LLC—that provided hosting services designed to support criminal customers.

Investigators say the companies maintained infrastructure in multiple countries, including the United States, the Netherlands, Finland, and China, allowing criminal customers to continue operating even after abuse complaints, domain takedowns, or server seizures.
The defendants face charges including:
As with all criminal indictments, the allegations remain unsubstantiated unless proven in court.
Authorities say the hosting network supported numerous forms of cybercrime rather than carrying out individual attacks itself.
According to prosecutors, customers allegedly used the infrastructure to launch:
The Justice Department says victims included organizations connected to U.S. critical infrastructure, businesses, schools, hospitals, and other entities in 21 states, with additional victims in several foreign countries. Total losses exceeded $62 million.
According to the Bitdefender 2026 Global Scam Intelligence Report, many scam operations follow predictable work schedules, reinforcing what investigators increasingly observe: modern cybercrime operates much like a legitimate business, complete with specialized service providers, dedicated infrastructure, and distinct roles within the criminal ecosystem.

While ransomware groups and malware developers often dominate the headlines, bulletproof hosting providers play a critical supporting role in the cybercrime ecosystem.
Without reliable infrastructure, many criminal campaigns would be disrupted much more quickly through reports of abuse, domain takedowns, or server seizures.
By offering resilient hosting, anonymous payment methods, and a willingness to ignore illegal activity, these providers reduce operational risk for cybercriminals and allow attacks to scale across thousands of victims.
The indictment is the result of a seven-year investigation led by the FBI and the U.S. Attorney's Office for the Northern District of Ohio, working with numerous domestic and international partners.
Alongside the criminal charges, the U.S. Department of State announced a reward of up to $10 million for information leading to the defendants or other individuals acting on behalf of foreign governments who participated in the malicious cyber activities described in the case.
Although consumers can’t control the infrastructure criminals use, they can reduce their exposure by following a few best practices:
You may also want to read:
After years on the run, alleged Ryuk ransomware operator pleads guilty
Scam centers keep office hours — because fraud is a business
tags
Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.
View all posts