US authorities have taken aim at a piece of the machinery that keeps ransomware running: the web hosts that give cybercriminals a place to operate. Federal prosecutors unsealed an indictment charging three Russian nationals and two companies over a "bulletproof" hosting operation that allegedly served ransomware groups and other criminals, TechCrunch reported. The charges are allegations, and the defendants, who are in Russia, have not been convicted.

What "bulletproof hosting" means

Most web-hosting companies will pull the plug on customers who break the law, responding to abuse complaints and law-enforcement requests. "Bulletproof" hosts sell the opposite: infrastructure that deliberately ignores those complaints and shields its customers from takedowns. That makes them a kind of critical infrastructure for cybercrime, the rented servers from which ransomware, phishing and other attacks are launched and managed. Spreading servers across several countries makes the operations harder for any single authority to shut down.

The charges

Prosecutors named three St. Petersburg residents, Alexander Volosovik, Kirill Zatolokin and Yulia Pankova, and tied them to two firms, Media Land and ML.Cloud. According to reporting on the indictment, the hosting services were used by well-known ransomware groups including LockBit, BlackSuit and Play, and supported denial-of-service attacks, phishing and intrusions affecting US targets, per The Record and BleepingComputer. Ransomware is malicious software that locks up a victim's files until a ransom is paid; a denial-of-service attack floods a website or service with traffic to knock it offline.

The dollar figure attached to the case is about $62 million in losses to victims from attacks that relied on this infrastructure, according to the charges reported by TechCrunch. Victims reportedly spanned many US states and included businesses and public institutions. As with most such tallies, the figure captures traceable proceeds and losses; the full cost of ransomware, including downtime and recovery, is typically higher.

Sanctions and the limits of enforcement

This is not the first move against the operation. The US Treasury had already sanctioned Media Land and ML.Cloud, which bars Americans and US firms from doing business with them, as noted in reporting on the case. An unsealed indictment adds criminal charges on top of those financial penalties.

The practical catch is familiar: the defendants are in Russia, beyond the reach of US arrest. Naming individuals and companies still matters, though. It can constrain their ability to travel, use the international financial system or work with legitimate partners, and it signals to the cybercrime economy that the plumbing beneath ransomware, not just the gangs themselves, is a target.

Why it matters for business

For companies, the case is a reminder that ransomware is an industry with suppliers, not just lone attackers. Disrupting the hosting, payment and money-laundering services that criminals rely on is now a central strategy for law enforcement, because it can raise costs and friction across many attacks at once. Ransomware remains one of the most expensive digital threats to businesses, hospitals and public agencies, and going after its infrastructure is an attempt to weaken the whole system rather than chase each attack after the damage is done. Whether indictments that cannot be enforced with arrests meaningfully deter that trade is the open question this case leaves behind.