Can Washington make a Russian bulletproof hosting business toxic enough to disrupt it without getting its alleged operators into a US courtroom?

US Slaps $10M Bounty on Russian Bulletproof Hosting Trio
XOOMAR Intelligence
Analyst Take
Federal prosecutors on Tuesday unsealed an indictment against Aleksandr Volosovik, Yulia Pankova and Kirill Zatolokin, three Russian nationals accused of helping cybercriminals stay online through the St. Petersburg-based businesses Media Land and ML Cloud, according to The Record. The US also posted a reward of up to $10 million for information tied to the case.
Can a US indictment pressure Media Land if the defendants are in Russia?
The indictment, filed in December 2024 and now public, charges all three defendants with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.
Prosecutors say Volosovik, also known as "Yalishanda," owned Media Land. They say Pankova owned ML Cloud. Zatolokin allegedly collected payments for Media Land and coordinated services with cybercriminal customers, authorities said when announcing sanctions last year.
The case lands in a hard jurisdictional reality. Authorities say all three are known residents of St. Petersburg, and Russia and the US do not have an extradition treaty. That means the indictment may not quickly produce arrests, unless defendants travel to a country willing to transfer them to US custody.
Still, unsealing matters. It turns a sealed criminal case into a public map of alleged operators, companies, charges and customer relationships. It also gives banks, payment firms, cybersecurity teams and infrastructure providers names to screen against, rather than a vague warning about Russian cybercrime infrastructure.
“From their overseas safe haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Their actions put the American public at risk.”
The indictment cites 44 unnamed victims and $62 million in losses from cybercriminal groups allegedly aided by Media Land and ML Cloud.
How did bulletproof hosting allegedly keep cybercriminal customers online?
Bulletproof hosting is the business model prosecutors are attacking here. These providers allegedly sell internet infrastructure to customers engaged in crime, while helping them avoid takedowns, abuse complaints and law enforcement scrutiny.
The allegation against Media Land and ML Cloud is stronger than passive hosting. Prosecutors say the companies provided both infrastructure and technical support to cybercriminals. That distinction matters because the case targets the service layer that keeps attacks running, not only the hackers launching them.
Authorities said in December that ransomware groups including Lockbit, BlackSuit and Play used services from Media Land and ML Cloud. Prosecutors also said cybercrime marketplaces including Briansclub, Cardhouse, crdclub, Club2crd, Verified, Fullzinfo, Swipestore and Bidencash used Media Land infrastructure. Those forums specialized in stolen credit card information, according to the source material.
A practical reading: resilient hosting gives criminal groups more time. More time to run phishing pages. More time to host malware. More time to move stolen data. More time to rotate domains and servers before defenders can burn the infrastructure down.
The indictment does not publicly name the 44 victims. It also does not say, at least in the available source material, exactly which victim losses are tied to which criminal groups or infrastructure nodes.
| Case element | Public allegation |
|---|---|
| Companies | Media Land and sister company ML Cloud |
| Location | St. Petersburg, Russia |
| Defendants | Aleksandr Volosovik, Yulia Pankova, Kirill Zatolokin |
| Victim impact | 44 unnamed victims, $62 million in losses |
| Reward | Up to $10 million under the State Department’s Rewards for Justice program |
| Criminal charges | Computer fraud conspiracy, wire fraud conspiracy, wire fraud, money laundering conspiracy |
Why is the US targeting the business layer behind Russian cybercrime?
The harder question is whether prosecutors are trying to punish these alleged operators or break the supply chain that made them useful.
The indictment points to the second goal. The named defendants are not accused merely of participating in a single ransomware incident or fraud campaign. They are accused of running infrastructure that other cybercriminals used. That makes the case part of a wider enforcement push against the suppliers behind attacks: hosting, payments, malware distribution and marketplaces.
CNN, citing the Justice Department announcement, reported that prosecutors described Media Land as supporting criminal groups that targeted hospitals, schools and banks across the US, causing $62 million in damages. CNN also quoted Brett Leatherman, assistant director of the FBI’s cyber division, saying of Media Land: “To this day, they are likely still shielding criminal activity.”
For fintech and markets readers, the relevance is direct. Stolen card forums, fraud shops and ransomware crews don’t operate in isolation. They create costs for payment processors, banks, crypto platforms, insurers and listed companies that must absorb fraud, incident response, recovery work and disclosure risk.
The State Department’s $10 million reward also shows what investigators still want. The announcement emphasizes information about possible foreign government links to the activities of Media Land and ML Cloud. The available source material does not establish such links. It says the government is looking for information.
That distinction is important. The indictment alleges criminal infrastructure. The reward notice signals that investigators are probing whether there is another layer above or around it.
Which parts of the Media Land case could actually disrupt operations?
The next phase will test whether a public indictment can move from naming alleged operators to choking off infrastructure.
The defendants were already sanctioned by the US and two allies in November, according to The Record. A third business sanctioned at the time, Data Center Kirishi, is not mentioned in the indictment. That gap matters because sanctions lists and criminal cases do not always map perfectly onto each other.
Near-term signals will come from law enforcement and security researchers. If authorities release technical indicators, companies can hunt for past exposure to Media Land or ML Cloud infrastructure. If domains, servers or payment channels are seized, the case shifts from pressure to disruption.
Future filings could also sharpen the story. Prosecutors may connect specific Media Land or ML Cloud services to named campaigns, customer accounts, payment flows or victim sectors. Right now, the public record identifies alleged operators, charges, losses, companies and several criminal groups or marketplaces that authorities say used the infrastructure.
The strongest scenario for the US is not just an indictment sitting on a docket. It is an indictment paired with allied pressure, sanctions enforcement, infrastructure seizures and travel risk for the accused. The weaker scenario is familiar: named suspects remain in Russia, customers migrate, and investigators chase the next hosting provider.
That is the watch item now. The Media Land case has raised the cost of being named as a bulletproof hosting operator. Its real impact depends on whether investigators can turn exposure into outages.
Impact Analysis
- The indictment publicly names alleged operators and businesses behind Russian bulletproof hosting infrastructure.
- Russia’s lack of an extradition treaty with the US makes arrests unlikely unless defendants travel abroad.
- The public case gives banks, payment firms and cybersecurity teams concrete names to screen and block.
Entities named in the indictment
| Entity | Alleged owner/operator | Alleged role |
|---|---|---|
| Media Land | Aleksandr Volosovik | St. Petersburg-based bulletproof hosting business allegedly serving cybercriminals |
| ML Cloud | Yulia Pankova | Related hosting business allegedly tied to cybercriminal infrastructure |
Sources
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
CybersecurityUS Slaps $10M Bounty on Russian Signal, WhatsApp Hackers
$10M is on the table for tips on Russia-linked groups accused of hijacking Signal and WhatsApp accounts used by officials and journalists.
CybersecurityRussian Signal Phishing Hijacks VIP Accounts in Support Scam
Russian actors are phishing Signal users for recovery keys, targeting officials, military figures and journalists without breaking encryption.
CybersecurityPolice Rip SocGholish Malware From 14,971 WordPress Sites
Police cleaned SocGholish from 14,971 WordPress sites and seized 106 servers, cutting a major Evil Corp infection chain.
CybersecurityEurope Turns Up Heat on Putin as Ukraine Talks Hit Paris
Macron is staging Paris Ukraine talks with Zelenskyy, Starmer and Merz as Europe looks to turn Kyiv's momentum into pressure on Putin.
CybersecurityAccused Scattered Spider Teen Dragged to US in $100M Case
A 19-year-old accused Scattered Spider member is in U.S. custody over a case tied to 100-plus intrusions and $100M in ransoms.
Global TrendsChipotle Mexico Gamble Draws Fire Before First Bite
Chipotle’s first Mexico outlet lands in Monterrey under ridicule, turning a restaurant opening into a test of culture, branding and pride.
Global TrendsCourt Forces Trump Carroll Payment as $5.6M Finally Lands
Trump paid E Jean Carroll $5.62m after failing to delay a civil judgment for sexual abuse and defamation.
TradingCooling June CPI Hands Fed Cover to Dodge Rate-Hike Fight
June CPI cooled to 3.5%, easing pressure for an immediate Fed hike, but falling energy prices may be masking sticky inflation.
TechnologyAnthropic Drafts Monzo Founder as Compute Crunch Bites
Anthropic hired Monzo co-founder Tom Blomfield, signaling that compute scarcity is now a core product and operations fight.
FintechAfter $21B, Dimon Keeps JPMorgan CEO Transition Vague
Dimon says JPMorgan's CEO handoff is still years away, leaving investors with big profits but no clear successor timeline.
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.