USA, Australia and Great Britain imposed sanctions against the hosting provider SSERRES, accusing it of providing infrastructure for Lockbit group attacks. The sanctions also targeted two service administrators who allegedly managed cryptocurrency transactions and supported the criminal activities of the group.
The US Treasury stated that in 2022, Canadian law enforcement officers discovered a virtual machine operating through an IP address provided by ZSERVES on a confiscated laptop belonging to a participant in the Lockbit group. The same IP address was later used by hackers to coordinate activities for Lockbit in 2023.
Australian police emphasized that “bulletproof” hosting providers, such as Bulletproof Server, are not immune to law enforcement actions and can have their infrastructure targeted. XHOST Internet Solutions LP, labeled as a front company for ZSERVES, was also sanctioned, with restrictions imposed on four employees involved. Transactions with the sanctioned entities from the US, Great Britain, and Australia are now prohibited, and violators face fines and frozen assets.
The sanctions against the Lockbit group were a continuation of ongoing operations. The US State Department had previously offered rewards for information about the group’s leader, Dmitry Khoroshev, and other participants and administrators. In recent years, authorities have detained individuals associated with the group.
Since 2019, Lockbit has targeted thousands of organizations globally, including Bank of America, Boeing, and government agencies like the Royal Mail of Great Britain and Italy’s tax service. The group reportedly earned up to $1 billion in ransom payments. In February 2024, during the Cronos operation, authorities seized 34 servers with over 2500 decryption keys, enabling the creation of a free decryption tool for unlocking encrypted data.