For almost a decade, AKA Yalishanda has enabled a wide variety of online crimes against UK-based and global victims, by providing resilient hosting infrastructure which purports to shield its customers.
For almost a decade, AKA Yalishanda has enabled a wide variety of online crimes against UK-based and global victims, by providing resilient hosting infrastructure which purports to shield its customers, that have included LOCKBIT, EVIL CORP and BLACKBASTA, from detection or takedown by law enforcement.
Media Land LLC and ML.Cloud LLC are parts of a notorious Russian-based bulletproof hosting service operated by AKA Yalishanda that has become a critical enabler of global cyber-crime. Its infrastructure has supported large-scale ransomware campaigns and other malicious malware operations targeting an array of victims worldwide resulting in severe financial losses, operational disruption and reputational damage.
Bulletproof hosting services are critical enablers within the cyber-crime ecosystem, providing a range of services to their customers, such as virtual or dedicated servers and infrastructure that is resistant to Law Enforcement (LE) takedowns. They obscure the identities of their users, often ignoring LE requests, frustrating and hindering efforts to effectively investigate cyber-crime.
Media Land’s Director, Russian-national Alexander Volosovik, AKA Yalishanda has been designated along with three of his associates by the Foreign, Commonwealth and Development Office (FCDO), in coordinated action with the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department for Foreign Affairs and Trade (DFAT).
To support this activity, the NCA with partners from Australia, Canada, New Zealand and the United States of America has issued threat alerts to industry partners warning them of the threat from BPHs.
Today’s actions complement the NCA’s strategy of targeting the cyber-crime ecosystem’s key enabling services that facilitate malicious online activity and lower the barrier to entry for cyber-criminals.
Ransomware attacks alone have caused significant economic damage to UK and global victims across a number of sectors including critical national infrastructure, financial services and telecommunications.
The NCA will continue to work with its law enforcement allies to rapidly respond to attempts by illicit hosting providers to abuse UK services and circumvent global sanctions.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said:
“Bulletproof hosting is a key component of the cyber-crime ecosystem, providing a digital “safe haven” for cyber-criminals that can appear resistant to law enforcement takedown activity.
“Services like Media Land and AEZA are critical enablers for cyber-criminals so sanctions like today’s against Media Land will inhibit their ability to plan, launch and monetise criminal schemes.
“This action will assist in law enforcement’s pursuit of nullifying the “bulletproof” shield provided by illicit hosting services, helping to degrade the cyber-crime ecosystem that nefarious actors depend on.”
