Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1901+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. US Charges Three Russians Over Bulletproof Hosting Service That Fueled $62M in Ransomware Damages
US Charges Three Russians Over Bulletproof Hosting Service That Fueled $62M in Ransomware Damages
NEWS

US Charges Three Russians Over Bulletproof Hosting Service That Fueled $62M in Ransomware Damages

US federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service used by ransomware gangs, resulting in over $62 million in damages to victims worldwide.

Dylan H.

News Desk

July 15, 2026
4 min read

Three Russians Indicted for Hosting Ransomware Infrastructure

US federal prosecutors have unsealed charges against three Russian nationals, accusing them of operating a bulletproof hosting (BPH) service that provided critical infrastructure to ransomware gangs responsible for more than $62 million in damages to victims across the United States and abroad.

The indictment marks another significant enforcement action by the Department of Justice targeting the shadowy hosting ecosystem that underpins much of the ransomware economy — providers who knowingly shelter cybercriminals in exchange for payment, ignoring or deflecting abuse complaints from law enforcement and victims.


What Is Bulletproof Hosting?

Bulletproof hosting (BPH) services are purpose-built to ignore takedown requests, abuse notices, and law enforcement inquiries. Unlike legitimate hosting providers who terminate accounts engaged in malicious activity, BPH operators:

  • Accept cryptocurrency payments with no identity verification
  • Rapidly migrate infrastructure when pressure mounts
  • Maintain operations across multiple jurisdictions to frustrate investigations
  • Market explicitly to criminal customers seeking operational security

These services form a foundational layer of the cybercrime ecosystem — without reliable infrastructure, ransomware gangs, botnets, and fraud operations cannot maintain the uptime and resilience their operations demand.


The Charges

According to the DOJ indictment, the three defendants provided BPH services to ransomware groups that attacked hospitals, schools, critical infrastructure, and private companies. The alleged services included:

Service ProvidedDescription
Resilient hostingInfrastructure resistant to law enforcement takedowns
IP cyclingRapid rotation of IP addresses to evade blocklists
Abuse deflectionIgnoring and countering law enforcement abuse reports
Cryptocurrency paymentsAnonymous payment processing for criminal clients
Infrastructure migrationMoving data quickly when under investigation pressure

The charges include conspiracy to commit wire fraud, computer fraud, and related offenses. If convicted, the defendants face substantial prison sentences.


Scale of Damage

The $62 million figure represents documented ransomware damages tied to threat actors who relied on the defendants' infrastructure. This figure likely understates the true impact, as many ransomware victims do not report incidents or the full extent of financial losses.

Ransomware gangs using BPH services have targeted:

  • Hospitals and healthcare systems (disrupting patient care)
  • Schools and universities (compromising student data)
  • Municipal governments (disrupting public services)
  • Critical infrastructure operators
  • Private businesses of all sizes

Law Enforcement Cooperation

The investigation reflects cross-border cooperation between US law enforcement and international partners. Ransomware and BPH operations typically span multiple countries, requiring coordinated action across jurisdictions.

The indictment follows a broader pattern of US enforcement actions targeting the cybercrime support ecosystem:

  • Takedowns of dark web marketplaces
  • Sanctions against cryptocurrency exchanges facilitating ransomware payments
  • Charges against cryptocurrency launderers who processed ransom proceeds
  • Disruption of ransomware gang infrastructure

Significance for the Threat Landscape

Bulletproof hosting is a force multiplier for ransomware gangs. Without reliable infrastructure:

  • Command and control servers cannot maintain persistence
  • Ransomware leak sites cannot stay online to pressure victims
  • Negotiation portals go offline, reducing pressure on targets
  • Exfiltrated data cannot be staged for publication

Disrupting BPH providers can reduce the operational efficiency of multiple ransomware groups simultaneously, making enforcement actions against infrastructure operators a high-leverage strategy compared to pursuing individual ransomware affiliates.


Defensive Recommendations

Organizations can reduce their exposure to ransomware groups that rely on BPH infrastructure:

  1. Block known BPH IP ranges — threat intelligence feeds often track BPH provider IP space
  2. Monitor for C2 communications — implement egress filtering and DNS monitoring
  3. Patch aggressively — ransomware entry points are commonly unpatched vulnerabilities
  4. Segment networks — limit lateral movement if ransomware gains an initial foothold
  5. Offline backups — maintain tested, offline backup sets ransomware cannot encrypt
  6. Phishing training — BPH-hosted phishing sites are a common initial access vector
  7. Incident response planning — prepare a ransomware response playbook in advance

References

  • BleepingComputer — US Charges Alleged Russian Bulletproof Hosting Service Operators
  • US Department of Justice

Related Reading

  • SonicWall SMA1000 Zero-Day Exploits — Patch Immediately
  • CVE-2026-59084: Apache Tomcat EncryptInterceptor (CVSS 9.1)
#Ransomware#Russia#Cybercrime#Bulletproof Hosting#DOJ#Indictment

Related Articles

Manager of Botnet Used in Ransomware Attacks Gets 2 Years

Ilya Angelov, co-leader of the TA551/Mario Kart cybercrime group, was sentenced to two years in prison for operating a phishing botnet that sent 700,000...

4 min read

Russian Hacker Who Helped Yanluowang Ransomware Gang Gets

Aleksei Volkov, a Russian initial access broker who sold unauthorized access to U.S. companies for the Yanluowang ransomware group, has been sentenced to...

3 min read

Phobos Ransomware Admin Pleads Guilty — 1,000+ Victims

Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....

7 min read
Back to all News