A $10 Million Bounty for Cybercriminals
The U.S. Department of Justice unsealed an indictment charging three Russian nationals and two companies with operating a “bulletproof hosting” infrastructure. The U.S. government is now offering a reward of up to $10 million for information leading to the defendants, who remain at large in St. Petersburg, Russia.

The Architects of Digital Extortion
The 75-page indictment, returned in December 2024 in the Northern District of Ohio, identifies the primary defendants as Alexander Alexandrovich Volosovik (43), Kirill Andreevich Zatolokin (34), and Yulia Vladimirovna Pankova (29). Prosecutors allege the trio operated two companies, Media Land LLC and ML.Cloud LLC, which served as the digital backbone for major cybercriminal operations.
The charges include conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. According to the Department of Justice, the defendants’ infrastructure enabled ransomware groups—including LockBit, BlackSuit, and Play—to target victims across 21 U.S. states and multiple international jurisdictions. The indictment cites 44 unnamed victims who suffered combined losses exceeding $62 million.
Masking Malicious Traffic
“Bulletproof hosting” refers to server services specifically engineered to survive detection and defy law enforcement takedowns. Media Land and ML.Cloud utilized shell companies and rapid IP rotation to mask the origins of malicious traffic.
U.S. Attorney David M. Toepfer stated that Media Land maintained vast numbers of servers that hosted some of the most vicious ransomware gangs on the planet. The infrastructure supported various criminal marketplaces, including Briansclub and Cardhouse. Prosecutors allege Volosovik, known online by the handle “Yalishanda,” actively promoted these services on criminal forums to cybercriminals seeking to evade security software.
Sanctions and Jurisdictional Hurdles
The U.S. Treasury Department imposed sanctions on the three individuals and their associated companies in November 2025. These actions were coordinated with authorities in the United Kingdom and Australia, and the European Union announced its own sanctions on July 13. Despite these sanctions, the defendants have continued to operate from Russia, a nation that does not maintain an extradition treaty with the United States.

The investigation was led by the FBI’s Cleveland Division, with support from the Cybersecurity and Infrastructure Security Agency (CISA) and international partners, including the Australian Federal Police (AFP) and the Netherlands’ National Police.
Targeting the Infrastructure Supply Chain
This case reflects a broader strategy among Western law enforcement agencies: targeting the service providers that fuel the cybercrime ecosystem rather than focusing solely on individual attackers. By disrupting the “bulletproof” networks, officials aim to increase the operational costs for ransomware gangs.
However, the case also underscores the limitations of traditional legal tools against actors operating from jurisdictions that provide safe harbor. While the U.S. government has authorized a $10 million reward via the Rewards for Justice program, the FBI remains focused on monitoring the “displacement” of these criminal networks as they attempt to shift their operations to new infrastructure following the recent enforcement actions.