Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC), Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office are jointly designating Zservers, a Russia-based bulletproof hosting (BPH) services provider, for its role in supporting LockBit ransomware attacks. LockBit, a Russia-based ransomware group best known for its ransomware variant of the same name, is one of the most deployed ransomware variants and was responsible for the November 2023 attack against the Industrial Commercial Bank of China U.S. broker-dealer. BPH service providers sell access to specialized servers and other computer infrastructure designed to evade detection and defy law enforcement attempts to disrupt these malicious activities. OFAC is also designating two Russian nationals who are key administrators of Zservers and have enabled ransomware attacks and other criminal activity.
Zservers, headquartered in Barnaul, Russia, has advertised BPH services on known cybercriminal forums to evade law enforcement investigations and takedowns, as well as scrutiny from cybersecurity firms. Zservers has provided BPH services, including leasing numerous IP addresses, to LockBit affiliates, who have used the hosting services to coordinate and launch ransomware attacks. During a 2022 search of a known LockBit affiliate, Canadian law enforcement uncovered a laptop operating a virtual machine that was connected to a Zservers’ subleased IP address and running a programming interface used to operate LockBit malware. In 2022, a Russian cybercriminal purchased IP addresses from Zservers, almost certainly for use as LockBit chat servers to discuss ransomware operations. In 2023, Zservers leased infrastructure, including a Russian IP address, to a LockBit affiliate.
OFAC is designating Zservers pursuant to Executive Order (E.O.) 13694, as further amended by E.O. 14144, for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, LockBit ransomware, a cyber-enabled activity originating from, or directed by persons located, in whole or substantial part, outside the United States that is reasonably likely to result in, or has materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States and that has the purpose of or involves causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
• Executive Order 13694 of April 1, 2015: Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities
• Executive Order 13757 of December 28, 2016: Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities
• January 16, 2025: Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity
January 15, 2025. Fact Sheet: New Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity. Malicious countries and criminals continue to target the United States Government, corporations and individual Americans with cyberattacks. They disrupt critical services, businesses and individual lives, costing billions of dollars and harming national security. This capstone executive order is the result of a review of how these attacks occurred, to understand how to better protect and secure these systems, stay ahead of threats, and make it riskier, costlier and harder for cyber attackers to conduct future attacks.
The United States stands alone among major economies in lacking secure, privacy-preserving digital identity infrastructure, leaving Americans exposed to a wave of cybercrime. Indeed, Americans face $56 billion in identity fraud every year and the U.S. Government confronts billions of dollars in fraud in Federal programs due to the lack of secure, usable digital identities. The Executive Order addresses this problem, making Federal programs more efficient, cutting bureaucracy and fraud, helping Americans be safe online, and promoting America’s digital economy.
Defending against cyber attackers requires rapidly deploying new technologies. The Executive Order addresses this challenge by promoting the use of new AI-based tools for cyber defense and accelerating the transition to “post-quantum cryptographic” algorithms to resist attacks leveraging quantum computing capabilities.