Zservers: Bulletproof hosting for online crime


On February 11, 2025, Australia, the U.K., and the U.S. imposed sanctions on Zservers, a Russian bulletproof hosting (BPH) provider linked to cybercriminal activities. Authorities in the Netherlands seized 127 servers associated with Zservers, aiming to disrupt its operations. Zservers provided hosting services for ransomware groups such as LockBit, BianLian, and Hunters International, shielding them from law enforcement by ignoring abuse complaints.

The sanctions froze Zservers' assets, prohibited transactions, and, in Australia's case, banned travel for those involved. Six key individuals were sanctioned, including Aleksandr Sergeyevich Bolshakov (owner) and Aleksandr Igorevich Mishin (administrator). Mishin allegedly marketed Zservers to cybercriminals and helped ransomware actors bypass detection.

Zservers had deep ties to ransomware operations and darknet markets, receiving cryptocurrency payments from LockBit, Mallox, Cryptolocker, and other groups. It also laundered funds through Garantex, a Russian exchange previously sanctioned by the U.S. Zservers was implicated in hosting data stolen during a major 2022 Australian healthcare breach, where the Australian government later deleted 520 GB of stolen data from its servers.

A 2024 data leak exposed details about Zservers’ infrastructure, clients, and financial transactions. The leak connected Mishin to the alias triplex560, linking him to cybercrime forums as far back as 2006. Zservers reportedly resold servers from legitimate hosting providers, making takedown efforts complex.

Despite sanctions, Zservers' website remains online, though it has stopped accepting new customers. Cybercrime forums speculate that Zservers will rebrand to evade law enforcement, following the common tactic of renaming, acquiring new IP ranges, and using fast-flux hosting to stay operational.
