Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure
In a significant development in the fight against cybercrime, three Russian nationals have been indicted for their roles in a sophisticated cybercrime operation that allegedly facilitated various illicit activities, including ransomware attacks, malware distribution, and phishing schemes. U.S. authorities estimate that these activities resulted in over $62 million in losses for victims across the United States and other countries.
The U.S. Attorney’s Office for the Northern District of Ohio announced the unsealing of the indictment after a comprehensive seven-year investigation. Alongside the criminal charges, the U.S. Department of State has offered a reward of up to $10 million for information regarding associates linked to foreign governments involved in this operation.
Indictment Details: Key Figures and Entities
The indictment, returned by a federal grand jury in December 2024, names the following individuals:
- Alexander Alexandrovich Volosovik, 43, from St. Petersburg, Russia
- Kirill Andreevich Zatolokin, 34, from St. Petersburg, Russia
- Yulia Vladimirovna Pankova, 29, from St. Petersburg, Russia
Additionally, two companies, Media Land LLC and ML.Cloud LLC, are implicated in the charges. The defendants face serious allegations, including conspiracy to commit computer fraud, wire fraud, money laundering, and aiding cybercriminal activities.
Assistant Attorney General A. Tysen Duva stated that the defendants allegedly operated a criminal infrastructure from overseas, which supported attacks on critical U.S. institutions and posed a significant risk to public safety.
Bulletproof Hosting: A Critical Enabler of Cybercrime
Court documents reveal that Media Land and ML.Cloud provided internet infrastructure and server hosting services specifically designed to help cybercriminals evade law enforcement. These companies allegedly maintained operations from St. Petersburg while utilizing infrastructure in various countries, including China, Finland, the Netherlands, and the United States.
The services offered by these entities included bulletproof hosting, which allowed criminal clients to deploy malware and ransomware, extort victims for money and cryptocurrency, register fraudulent domains, operate criminal marketplaces, and execute phishing and brute-force attacks. Investigators noted that the companies also provided technical support to their cybercriminal customers, enabling malicious campaigns to persist while avoiding detection.
Impact on Critical Sectors Across the U.S.
The operation reportedly targeted dozens of organizations across 21 U.S. states and multiple countries. Victims included:
- Banks
- Schools
- Government entities
- Hospitals
- Media companies
In Ohio, communities affected by these cybercrimes include Akron, Brookfield, Canton, Cleveland, Elyria, Medina, Findlay, Solon, and Valley View. Other impacted states encompass California, Florida, Georgia, Illinois, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New York, North Carolina, Pennsylvania, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin, and Delaware. International victims have been identified in Australia, Canada, the European Union, the United Arab Emirates, and the United Kingdom.
FBI Cyber Division Assistant Director Brett Leatherman remarked that Media Land facilitated malicious activities that resulted in tens of millions of dollars in losses, affecting victims across multiple countries.
Reward Offer and International Sanctions
In light of the indictment, the U.S. Department of State’s Rewards for Justice program has announced a reward of up to $10 million for actionable information regarding associates of the indicted individuals linked to foreign governments or their cyber activities. The program also indicated that relocation assistance may be available for qualifying information.
The indictment follows coordinated international actions against the alleged operators. In November 2025, the U.S. Department of the Treasury’s Office of Foreign Assets Control, in collaboration with authorities from the United Kingdom and Australia, sanctioned Media Land for its role in facilitating global ransomware operations and other malicious cyber activities. The sanctions also targeted Volosovik, Zatolokin, and Pankova individually, along with Media Land subsidiaries.
On July 13, the European Union announced sanctions against the companies and key individuals as part of broader efforts to disrupt cybercrime infrastructure.
Collaborative International Investigation
The investigation was spearheaded by the FBI Cleveland Division, with support from the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Foreign Assets Control. Authorities received assistance from the National Police of the Netherlands, the Public Prosecutor’s Office of the Netherlands, the United Kingdom’s National Crime Agency, the United Kingdom Foreign Commonwealth and Development Office, the Australian Department of Foreign Affairs and Trade, and the Australian Federal Police.
Officials from CISA and partner agencies emphasized that disrupting bulletproof hosting providers is essential, as these services form a critical part of the cybercriminal ecosystem, enabling ransomware, phishing, malware, and other malicious operations while allowing threat actors to remain anonymous.
For further details on this case, visit the source: thecyberexpress.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.


