
US, UK and Australia Impose Sanctions on Russia-Based “Bulletproof Hosting” Firm

November 30, 2025

Sanctions

On November 19, 2025, the governments of the United States, the United Kingdom, and Australia announced a coordinated set of sanctions targeting a Russia-based web services provider, Media Land, along with several related companies and individuals, for their role in facilitating ransomware operations and other forms of cybercrime.

The coordinated action, announced by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), the U.K.’s foreign office, and Australia’s relevant authorities, reflects an intensifying global effort to disrupt the infrastructure that underpins major cyberattacks.

What Is Media Land — And What Did It Do?

Media Land, headquartered in St. Petersburg, Russia, is described in official statements as a “bulletproof hosting” (BPH) provider. BPH services offer servers and internet infrastructure to clients while turning a blind eye to — or even deliberately shielding — illicit cyber operations such as ransomware, phishing, and distributed denial-of-service (DDoS) attacks.

According to OFAC, Media Land supplied hosting and infrastructure services to known ransomware and cyber-criminal groups — including widely tracked operators such as LockBit, BlackSuit, and Play. Its servers also reportedly supported multiple DDoS attacks against U.S. companies and critical infrastructure.

The U.S. Treasury described Media Land as “a key launching pad for ransomware,” underscoring its central role in enabling cybercrime networks to operate across international borders with relative impunity.

Who Else Was Targeted?

The sanctions do not apply only to Media Land. OFAC also designated three members of the firm’s leadership team as well as three of its affiliated sister companies.

Among the individuals named is Alexander Volosovik (alias “Yalishanda”), identified as general director of Media Land and alleged to have actively advertised the firm’s illicit services on cybercriminal forums. Another individual, Kirill Zatolokin, is described as responsible for handling payments and coordination with criminal clients.

Sister companies named in the sanctions include ML Cloud, used alongside Media Land’s infrastructure in ransomware and DDoS operations, as well as fully owned subsidiaries such as Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi).

The coordinated sanctions also target Aeza Group LLC, another BPH provider, along with additional front companies and individuals believed to be involved in evading earlier sanctions and continuing to supply hosting infrastructure for cyber-crime.

What the Sanctions Do

As a result of this action, all property and interests in property belonging to the designated entities and individuals that are within U.S. jurisdiction or in the possession or control of U.S. persons are now blocked. This includes entities that are owned, directly or indirectly, even partially, by the designated parties.

For those doing business within or transiting the United States, transactions involving services, funds, or any support to or from these designated persons are prohibited unless explicitly licensed by OFAC. Violations can result in civil or criminal penalties under U.S. law.

In the U.K., the sanctions carry similar restrictions such as asset freezes, director disqualification orders for the companies involved, and travel bans for individuals designated under the cyber-crime regime.

Additionally, businesses in Britain are now barred from providing technical support or hosting services to these entities, including BPH services, a constraint that also extends to related infrastructure and trust services.

Why This Matters — And What It Signals

According to U.S. Treasury officials, bulletproof hosting providers such as Media Land play a pivotal role in enabling cybercrime by giving criminal groups the infrastructure they need to conduct ransomware, phishing, and DDoS attacks, many of which target companies, governments, and essential services across borders.

By targeting the hosting infrastructure rather than only the criminal groups, the allied governments hope to cut off a fundamental enabler of cybercrime. This makes it harder for ransomware gangs and other malicious actors to hide or relocate their operations. The operation illustrates a shift toward a broader and potentially more effective approach against global cyber-crime networks.

Moreover, the coordination between the United States, the United Kingdom, and Australia highlights how cyber threats are being addressed not as isolated national issues but as shared risks requiring collective action.

Response & Reactions

At the time of reporting, the authorities said the embassy of Russia in London had not responded to requests for comment. Neither Media Land, ML Cloud, nor the individuals named had issued a public response.

Australia stated that its participation in the sanctions reflects concern over the impact of ransomware networks on critical services such as hospitals, schools, and businesses, and the need to align with international partners to disrupt those networks.

What Lies Ahead

The sanctions mark a significant escalation in the global fight against ransomware and cybercrime. By going after infrastructure (the servers, hosting providers, and support networks that ransomware gangs rely on), lawmakers and regulators aim to make cyber-criminal operations more difficult and risky.

If enforced effectively, these measures could force malicious actors to abandon known BPH providers and disrupt existing ransomware workflows. However, the landscape of cybercrime is dynamic: new providers may emerge, and threat actors may shift their tactics.

Still, the coordinated action sends a clear signal. Hosting providers that knowingly enable cyber-crime will not escape scrutiny. Allied governments are willing to act collectively to disrupt the backbone of global ransomware operations.
