U.S. prosecutors unsealed charges Tuesday against three Russian nationals accused of running and supporting Media Land, a St. Petersburg bulletproof hosting provider that the U.S., U.K. and Australia sanctioned in November over alleged cybercrime links.
The Justice Department said Aleksandr Volosovik, also known as “Yalishanda,” Yulia Pankova and Kirill Zatolokin provided infrastructure and technical support to criminal customers through Media Land and a related company, ML Cloud. Prosecutors said Volosovik owned Media Land, Pankova owned ML Cloud and Zatolokin collected payments and coordinated services with cybercriminals.
The indictment, filed in December 2024 and unsealed this week, charges all three with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.
Bulletproof hosting is the less respectable cousin of ordinary web hosting: it sells servers, connectivity and support while promising customers a higher chance of staying online when law enforcement, abuse desks or victims complain. Prosecutors allege Media Land and ML Cloud used that model to keep criminal infrastructure running for ransomware crews and fraud forums.
The Justice Department said 44 unnamed victims lost more than $62 million through attacks by cybercriminal groups that used the companies’ services.
“From their overseas safe haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division said in the department’s announcement. Duva said the alleged conduct put the American public at risk.
Reward offer targets possible state links
The State Department separately offered a reward of up to $10 million through its Rewards for Justice program. Its notice asks for information about foreign government connections to Media Land and ML Cloud’s activities.
That wording matters. The indictment described alleged criminal services, while the reward notice signals that U.S. officials are also looking for evidence about whether any foreign government had a role in, or connection to, the hosting operation. The State Department did not say it had proved such a link in the reward announcement.
Authorities said Volosovik, Pankova and Zatolokin are known residents of St. Petersburg. The U.S. and Russia do not have an extradition treaty, which makes any U.S. prosecution depend heavily on travel, arrests in partner countries or other forms of international pressure.
Russia recently warned its citizens against traveling to countries that routinely extradite criminal suspects to the United States, according to Reuters.
Ransomware crews and carding markets
When the sanctions were announced in November, U.S. authorities said ransomware groups including Lockbit, BlackSuit and Play had used services from Media Land and ML Cloud. A third sanctioned business, Data Center Kirishi, was named in the sanctions action but does not appear in the indictment.
Prosecutors also said several cybercrime marketplaces used Media Land infrastructure, including Briansclub, Cardhouse, crdclub, Club2crd, Verified, Fullzinfo, Swipestore and Bidencash. Those markets specialized in stolen payment card data, according to prosecutors. Bidencash was taken down last year in an international operation involving U.S. and Dutch authorities.
The Justice Department said agencies in the Netherlands helped with the investigation, along with partners in the U.K. and Australia.
Paul Foster, director of the U.K. National Cyber Crime Unit, said in the U.S. announcement that the case showed close international cooperation to identify, disrupt and prosecute cybercriminals.
This story draws on original reporting from The Record.