Federal prosecutors have unsealed an indictment against three Russian nationals accused of operating web hosting services that enabled ransomware gangs and state-backed hackers to steal $62 million from American businesses. The charges, filed in 2024 but kept under seal until this week, target Alexander Volosovik, Kirill Zatolokin, and Yulia Pankova, who allegedly ran two St. Petersburg-based companies designed to shield cybercriminals from law enforcement. Main Developments The Justice Department alleges that Media Land and ML.Cloud, both owned by the three defendants, served as so-called bulletproof web hosts. These companies deliberately refused to comply with law enforcement takedown requests or demands for customer information, allowing hackers to operate with near-impunity. Prosecutors say the infrastructure supported distributed denial-of-service attacks, phishing campaigns, and strikes on U.S. critical infrastructure across more than 20 states. The hackers collectively extracted $62 million in proceeds from cybercrime, according to court documents. Read also: Pinwheel Brings Back the Landline for Kids, Now Over Wi-Fi The U.S. Treasury previously sanctioned both Media Land and ML.Cloud for knowingly providing services to ransomware groups including LockBit, BlackSuit, and Play. Economic sanctions now bar Americans and U.S. businesses from any transactions with the defendants or their companies. Background The indictment charges the three Russians with hacking, conspiracy, and money laundering. All three reside in St. Petersburg, a city that has emerged as a hub for cybercriminal operations targeting Western organizations. The charges were originally filed in 2024 but remained sealed until this week's unsealing. Bulletproof web hosts have become a critical enabler for ransomware gangs, providing server space and infrastructure that is resistant to law enforcement disruption. Unlike legitimate hosting providers, these companies often operate out of jurisdictions with weak cybercrime laws or, as in this case, countries that shield their citizens from extradition. Why It Matters The case underscores how infrastructure providers, not just the hackers who deploy ransomware, are increasingly in the crosshairs of U.S. prosecutors. By targeting the companies that enable cybercrime, authorities hope to disrupt the supply chain that fuels attacks on hospitals, schools, and critical infrastructure. However, the practical impact remains limited. Russia has a well-documented policy of shielding its citizens from extradition to the United States, making it unlikely that Volosovik, Zatolokin, or Pankova will ever face trial. U.S. law enforcement has historically only arrested high-value Russian cybercriminals when they travel to countries with diplomatic agreements with Washington. What's Next The defendants remain in Russia, where they are effectively beyond the reach of U.S. law enforcement absent a rare extradition or travel abroad. The Justice Department's statement, delivered by Assistant Attorney General A. Tysen Duva, promised continued efforts to dismantle these networks and protect critical infrastructure. In the meantime, the sanctions against Media Land and ML.Cloud remain in effect, cutting off the companies from the U.S. financial system. Prosecutors may also pursue forfeiture of assets linked to the alleged $62 million in proceeds, though recovering funds held in Russia presents significant obstacles.