In a significant crackdown on cybercrime, Dutch authorities have taken down 127 servers belonging to the bulletproof hosting provider Zservers/XHost. This action follows international sanctions imposed by the US, UK, and Australia on February 11, 2025, targeting the Russian company for its involvement in supporting ransomware operations, notably LockBit.

Background on Sanctions

The sanctions were directed at Zservers and its administrators, Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, for facilitating ransomware activities. Zservers, based in Barnaul, Russia, has been known to offer services on cybercriminal forums, helping evade law enforcement and cybersecurity scrutiny. These services included leasing IP addresses to LockBit affiliates, crucial for coordinating ransomware attacks.

Law Enforcement Actions

The Dutch police operation, conducted on February 12, resulted in the seizure of servers located in Amsterdam. These servers were reportedly used by notorious cybercrime groups such as Conti and LockBit. The Cybercrime Team of Amsterdam police had been investigating Zservers for over a year before executing the raid.

Details of the Investigation

  • The investigation revealed that Zservers provided infrastructure support for ransomware operations.
  • Authorities discovered servers equipped with hacking tools from Conti and LockBit, highlighting their role in global cybercrime.
  • The ongoing investigation aims to analyze the data from the seized servers to uncover further criminal activities.

Implications and Recommendations

This operation underscores the challenges posed by bulletproof hosting services, which offer safe havens for cybercriminals. The incident highlights the need for stricter regulations, such as Know Your Customer (KYC) policies, to prevent misuse of hosting services.
