★ INSERT COINNOW PLAYING: VENTURESHIGH SCORE: $100M ARR★ NEW STAGE UNLOCKED: ABOUT MEPRESS START★ DEMO DAY 04:00:00
★ INSERT COINNOW PLAYING: VENTURESHIGH SCORE: $100M ARR★ NEW STAGE UNLOCKED: ABOUT MEPRESS START★ DEMO DAY 04:00:00
◀ BACK TO FEED
NEWSCYBERSECURITYJUL 15, 2026

US targets the hosting infrastructure behind ransomware attacks

US prosecutors charged alleged operators of hosting companies accused of supporting ransomware, phishing and critical-infrastructure attacks.

US targets the hosting infrastructure behind ransomware attacks

Cybercrime groups depend on more than malware. They also need servers, domains and hosting providers willing to keep their infrastructure online despite complaints and takedown requests.

What happened

US prosecutors charged three Russian nationals and two hosting companies over allegations that they provided infrastructure used for ransomware, phishing and attacks on critical systems. Authorities said criminal activity linked to the services generated approximately $62M in proceeds.

The companies are described as bulletproof hosting providers: businesses that advertise resistance to abuse complaints and allow customers to operate infrastructure that conventional hosting companies would remove. Such providers can support command-and-control servers, phishing pages, malware distribution and data-leak sites.

The charges are allegations, and the defendants have not been convicted. Extradition and enforcement may also be difficult if the individuals remain in jurisdictions that do not cooperate with US authorities.

Why it matters

Ransomware operations are organised supply chains. Developers create malware, affiliates gain access to victims, brokers sell stolen credentials, and infrastructure providers keep the operation running. Targeting hosting companies can disrupt several criminal groups at once rather than focusing only on individual attackers.

It also signals that law-enforcement agencies are increasingly treating enabling infrastructure as a strategic point of intervention.

The bigger picture

Cybersecurity enforcement is moving beyond arresting hackers toward dismantling the commercial services that make attacks scalable. The effectiveness of this strategy will depend on international cooperation, asset seizures and whether customers can quickly migrate to alternative providers. Even when operators cannot be arrested, public indictments can restrict travel, expose financial relationships and make infrastructure harder to monetise. For defenders, the case reinforces the importance of tracking not just malware signatures but also the hosting networks and service providers repeatedly associated with criminal activity.

#RANSOMWARE#BULLETPROOF HOSTING#CYBERCRIME#CRITICAL INFRASTRUCTURE#DOJ