Law Enforcement's Latest Victory: Shutdown of Zservers Network
In a significant move against global cybercrime, Zservers/XHost, a Russian-based hosting service, has been sanctioned by the United States, United Kingdom, and Australia for its support of malicious activities, including operations by ransomware groups like LockBit and Conti [1][4]. This sanctioning follows a series of actions by Dutch law enforcement, who took down 127 servers associated with Zservers/XHost in Amsterdam [1].
Zservers/XHost has been identified as a critical component in the infrastructure of these cybercriminal groups. The hosting service offers a resilient infrastructure that enables these groups to evade detection and disrupt law enforcement efforts [2][4]. However, the recent sanctions and server takedowns have significantly impacted their ability to operate undetected.
LockBit, a notorious ransomware group, has been a significant beneficiary of Zservers/XHost's hosting services [1][4]. Another group, Conti, has also been linked to the hosting service [1]. While the connection of Zservers/XHost to BlackCat ransomware is not explicitly mentioned in the recent sanctions or server takedowns, the broader context suggests a pattern of support for various ransomware operations [4].
The work of cyber agencies is never-ending, as there are always willing threat actors ready to fill the space left by suppressed groups like LockBit and BlackCat. In response, a proactive approach is crucial. This includes maintaining immutable backups, pre-calculated recovery points, and the ability to scan both production and backup data for threats to ensure rapid restoration of operations.
Richard Cassidy, EMEA CISO at Rubrik, stated that the combined efforts of law enforcement agencies have been essential in neutralizing major criminal organizations like LockBit. Abigail Bradshaw, director general at the Australian Signals Directorate (ASD), added that the agency had been targeting a range of Bulletproof Hosting Providers (BPH) over the last year alongside partners from the UK and US [3].
After a year-long investigation, Dutch police raided one of the firm's facilities in Amsterdam and physically took the servers offline [2]. The ASD was also able to take action against the organization and cut off their access to their cloud and on-premises servers [3]. The servers contained ransomware, botnets, and malware [2].
The sanctions and law enforcement actions against Zservers/XHost reflect a broader strategy of dismantling the infrastructure that supports cybercrime. Ransomware payments declined significantly in 2022, falling from USD 1.25 billion to USD 814 million [5]. According to Cassidy, these operations have had a tangible impact on cybercrime and contributed to that dip in ransomware payments last year [5].
Sources:

[1] https://www.zdnet.com/article/dutch-police-shut-down-127-servers-linked-to-ransomware-gang-conti/
[2] https://www.zdnet.com/article/dutch-police-take-down-127-servers-linked-to-ransomware-gang-conti-and-lockbit/
[3] https://www.zdnet.com/article/australian-signal-directorate-takes-down-russian-based-hosting-service-used-by-ransomware-gangs-lockbit-and-conti/
[4] https://www.zdnet.com/article/us-uk-australia-sanction-russian-based-hosting-service-used-by-ransomware-gangs-lockbit-and-conti/
[5] https://www.zdnet.com/article/ransomware-payments-fell-to-814-million-in-2022-from-1-25-billion-in-2021/
- The sanctioning of Zservers/XHost by multiple nations indicates a broader strategy to dismantle the infrastructure supporting cybercrime, with ransomware payments declining significantly in 2022.
- Zservers/XHost has been identified as a critical component in the infrastructure of cybercriminal groups like LockBit and Conti, providing resilient hosting that helps them evade detection and disrupt law enforcement efforts.
- The Australian Signals Directorate (ASD) has been actively targeting Bulletproof Hosting Providers (BPH) over the past year, alongside partners from the UK and US, with the recent action against Zservers/XHost being an example.
- For defenders, maintaining immutable backups, pre-calculated recovery points, and the ability to scan both production and backup data for threats is essential to ensure rapid restoration of operations in the face of cyber attacks.
- Cybersecurity and international politics intertwine in efforts to combat cybercrime, with the recent sanctions against Zservers/XHost a testament to the collaboration between multiple nations.