Crime

3 Russian nationals indicted for international cybercrimes, $62M in losses to victims

FBI Cleveland and partners say St. Petersburg-based operators ran criminal hosting services used to launch malware and ransomware, prompting sanctions and a $10M reward offer.
FBI Cleveland and partners say St. Petersburg-based operators ran criminal hosting services used to launch malware and ransomware, prompting sanctions and a $10M reward offer. Zolnierek/Getty Images/iStockphoto

The U.S. Attorney’s Office for the Northern District of Ohio has announced the unsealing of an indictment charging three Russian nationals for their roles in malicious cyber activities against U.S. critical infrastructure affecting victims in 21 states and in several countries, with losses amounting to tens of millions of dollars. These charges are the result of a seven-year-long investigation.

A federal grand jury returned an indictment in December 2024 charging the following defendants with Conspiracy to Commit and Aid and Abet Computer Fraud, Conspiracy to Commit Wire Fraud, Wire Fraud, and Conspiracy to Commit Money Laundering:

  • Alexander Alexandrovich Volosovik, 43, of St. Petersburg, Russia
  • Kirill Andreevich Zatolokin, 34, of St. Petersburg, Russia
  • Yulia Vladimirovna Pankova, 29, of St. Petersburg, Russia
  • Media Land, LLC, headquartered in St. Petersburg, Russia
  • ML.Cloud, LLC, headquartered in St. Petersburg, Russia

“From their overseas safe haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Their actions put the American public at risk. We will continue to dismantle these networks and protect our critical infrastructure from cybercriminals at home and abroad.”

In addition to the unsealing of the indictment, the U.S. Department of State’s Rewards for Justice (RFJ) program announced that it is offering a reward of up to $10 million and possible relocation for actionable information on foreign government-linked associates of Pankova, Volosovik and Zatolokin, their malicious cyber activities, or foreign government-linked use of Media Land or ML.Cloud. U.S. sanctions were announced in November 2025 against the indicted defendants and companies.

“The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans’ lives. They include banks, schools, government entities, hospitals, and media companies,” said United States Attorney David M. Toepfer for the Northern District of Ohio. “Together with our international partners, we will aggressively combat the efforts of individuals who hide behind computers anywhere in the world who seek to profit and wreak havoc by targeting the infrastructures that support our communities.”

According to allegations in court documents, Media Land, LLC, owned by Volosovik, and ML.Cloud, owned by Pankova, at the time of investigation and indictment, were both based in St. Petersburg and provided infrastructure for computer servers and related internet services. Media Land’s infrastructure also operated out of multiple countries including China, Finland, the Netherlands, and the United States.

These businesses provided what are known as “bulletproof hosting” services for client users to not only conduct criminal activities, but also to evade detection by law enforcement. Such businesses knowingly and intentionally market and/or lease their infrastructure to cybercriminals.

According to the indictment, Media Land and ML.Cloud provided infrastructure and tech support to criminal client co-conspirators with the means to infect victim computers with malware and ransomware and then extorted those victims for money and cryptocurrency.

Other computer-based crimes facilitated by Media Land and ML.Cloud included supporting criminal marketplaces, fraudulent domain registrations, and providing the platform from which to launch phishing and brute force attacks.

“This announcement underscores the importance of global partnerships and international collaboration, especially in a borderless world riddled with cyber criminals,” said FBI Cleveland Special Agent in Charge Josh DelManzo. “The methods used by these bad actors, including ransomware, malware, phishing and other cyber activity, serves as a reminder that whether for business or personal use, when you are online, criminal networks will stop at nothing to hack, attack, share, or sell your information for their own greed, gain, and profit. The FBI and its partners will continue to identify and cripple criminal networks and freeze their infrastructures to reduce or remove the threats to the public and further protect trusting individuals and companies.”

Investigators found that dozens of victim organizations were targeted by criminal groups who used Media Land’s and ML.Cloud’s services. Victim entities included banks, schools, government entities, hospitals, and media companies. The victims were located throughout the U.S. and across the world.

“The Department of State is committed to countering malicious cyber activities that threaten U.S. critical infrastructure and our national security,” said Deputy Assistant Secretary and Assistant Director of the U.S. Department of State’s Diplomatic Security Service for Cyber & Technology Security Gharun Lacy. “We remain relentless in our efforts to generate information that helps our law enforcement partners disrupt campaigns against our national interest and bring these malicious cyber actors to justice.”

In the Northern District of Ohio, victims were located in: Akron, Brookfield, Canton, Cleveland, Elyria, Medina, Findlay, Solon, and Valley View.

At least 20 other states were also affected including: California, Delaware, Florida, Georgia, Illinois, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New York, North Carolina, Pennsylvania, Tennessee, Texas, Utah, Virginia, Washington state, Wisconsin. International victims were located in Australia, the European Union, the United Arab Emirates, Canada and the United Kingdom.

“Cybercriminals persist in their efforts to disrupt networks and systems while remaining undetectable and difficult to trace. Bulletproof hosting providers are increasingly becoming common accomplices, posing an imminent and significant risk to the resilience and safety of critical systems and services,” said CISA Industry Team Operations Manager, Nicholas Colella. “CISA’s global collaboration with governments, law enforcement, and the private sector is making it harder for cybercriminals to remain anonymous online. Our joint BulletProof Defense guide provides actionable information to reduce the effectiveness of this nefarious infrastructure and risk to this threat.”

Anyone with information should contact Rewards for Justice via its Tor-based tips-reporting channel.

In November 2025, the Department of the Treasury’s Office of Foreign Assets Control, joined by the United Kingdom’s Foreign Commonwealth and Development Office and Australia’s Department of Foreign Affairs and Trade, designated Media Land as a Specially Designated National (SDN) for facilitating global ransomware operations, DDoS attacks, and malicious cyber activities.

The sanctions block all U.S. property and prohibit transactions by U.S. persons. Volosovik, Zatolokin, and Pankova were individually sanctioned. Media Land subsidiaries Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi) along with Media Land’s sister company, ML Cloud were also sanctioned.

On July 13, the European Union also announced sanctions as a crucial step in the international fight against cybercrime.

This investigation is being led by the FBI Cleveland Division, with the assistance of the Cybersecurity/Infrastructure Security Agency (CISA), and the Office of Foreign Assets Control (OFAC).