
Federal prosecutors unsealed a 13-count indictment Tuesday against three Russian nationals and two St. Petersburg companies accused of selling criminal hackers infrastructure that powered ransomware, malware, phishing and brute-force attacks against American banks, hospitals, schools, government agencies and media companies.
The alleged network caused more than $62 million in losses among 44 victims in 21 states and several countries, according to the Justice Department. The indictment identifies two unnamed commercial victims in Waco and Austin.
The defendants are Alexander Alexandrovich Volosovik, 43; Kirill Andreevich Zatolokin, 34; Yulia Vladimirovna Pankova, 29; Media Land, LLC; and ML.Cloud, LLC. All are based in St. Petersburg, prosecutors said.
The indictment charges the defendants with conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, 10 counts of wire fraud and conspiracy to commit money laundering. A federal grand jury returned the indictment on December 5, 2024, and prosecutors unsealed it July 14 after what the Justice Department described as a seven-year investigation.
Prosecutors describe bulletproof hosting network
Prosecutors allege Media Land and ML.Cloud offered what the cybersecurity industry calls bulletproof hosting, server infrastructure designed to remain available despite complaints about criminal activity and law enforcement efforts to shut it down.
The companies allegedly provided hackers with servers, false domain registrations and fast-flux services that rapidly moved domains among internet addresses to conceal malicious activity. The indictment says Volosovik and Zatolokin ignored or falsely answered abuse reports, rotated infrastructure and accepted cryptocurrency payments to protect clients’ identities.
Investigators allegedly found approximately 389 client usernames and more than 5,000 registered domains in the operation’s databases. The indictment also accuses the defendants of supporting criminal marketplaces and 17 groups that used ransomware, malware or brute-force attacks against victims.
“From their overseas haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” Assistant Attorney General A. Tysen Duva said. “Their actions put the American public at risk. We will continue to dismantle these networks and protect our critical infrastructure from cybercriminals at home and abroad.”
$10 million reward and international sanctions
The State Department’s Rewards for Justice program is offering a reward of up to $10 million and possible relocation for actionable information about foreign government-linked associates of the defendants, their alleged malicious cyber activity or foreign government-linked use of Media Land or ML.Cloud.
The Treasury Department, the United Kingdom and Australia jointly imposed sanctions in November 2025 on Media Land, ML.Cloud, Volosovik, Zatolokin and Pankova. The U.S. sanctions block property under U.S. jurisdiction and generally prohibit transactions involving the designated people and companies.
The European Union separately sanctioned Media Land, Volosovik and ML.Cloud on Monday, accusing them of enabling ransomware and phishing operations against critical infrastructure and essential services.
“The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans’ lives,” U.S. Attorney David M. Toepfer said. “They include banks, schools, government entities, hospitals, and media companies.”
The FBI Cleveland Division is leading the investigation with assistance from the Cybersecurity and Infrastructure Security Agency, the Treasury Department’s Office of Foreign Assets Control and law enforcement partners in the Netherlands, United Kingdom and Australia.
The charges are allegations. The defendants are presumed innocent unless proven guilty in court.
Provided by Dallas Express






