US Treasury Sanctions Russian Hosting Service Tied to Ransomware
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Aeza Group, a Russia-based provider of “bulletproof hosting” (BPH), along with its leadership and a linked cryptocurrency address. OFAC alleges that Aeza facilitated ransomware attacks and data theft by giving cybercriminals access to specialized servers (Treasury announcement).
Aeza Group’s Alleged Operations
According to OFAC, Aeza Group, registered in St. Petersburg, specialized in bulletproof hosting services. These services allegedly enabled access to resilient servers and infrastructure, used specifically to support activities like ransomware campaigns and the deployment of data-stealing malware for criminal groups (OFAC statement, July 9, 2025).
The sanctions designate four key individuals linked to Aeza:
- Arsenii Aleksandrovich Penzev (CEO/Part Owner)
- Yurii Meruzhanovich Bozoyan (General Director/Part Owner)
- Vladimir Vyacheslavovich Gast (Technical Director)
- Igor Anatolyevich Knyazev (Part Owner)
Treasury officials stated that Igor Knyazev may be managing operations after Penzev and Bozoyan faced Russian law enforcement investigations for alleged ties to the darknet marketplace BlackSprut.
Key Assets Targeted
Sanctions also target:
- A specific Tron blockchain address identified as an administrative wallet for Aeza, handling payments, cash-outs to processors, and transfers to exchanges or direct service fees. (Chainalysis analysis, July 9, 2025)
- A sum of cryptocurrency valued at $350,000
- Several Russian and UK-based companies with alleged connections to Aeza
Blockchain analysis further revealed this Aeza-linked Tron address had direct ties to other illicit actors, including the Russian exchange Garantex, via intermediary addresses involved in cybercrime services (TRM Labs analysis, July 9, 2025).
Targeting the Cybercrime Supply Chain
OFAC highlighted that Aeza allegedly supplied BPH to various known groups:
- Ransomware groups such as BianLian
- Infostealer operators including Lumma, RedLine, and Meduza
- The Russian darknet marketplace BlackSprut
Security industry commentary underscores the significance of these sanctions. Chainalysis described them as a “significant step” in weakening the infrastructure enabling large-scale cybercrime, specifically targeting the supply chain rather than individual actors after an offense (Chainalysis statement, July 9, 2025). TRM Labs echoed this, viewing sanctions on entities like Aeza as reducing the “surface area of abuse” and identifying potential leverage points for law enforcement (TRM Labs statement, July 9, 2025).
Implications of the Sanctions
The sanctions trigger legal consequences: all linked U.S. assets are frozen, and U.S. persons are prohibited from engaging in financial or business transactions with the designated targets. Violations are subject to civil and criminal penalties.
Broader Trend: Global Crackdown on Ransomware Infrastructure
The action aligns with a pattern of heightened international cooperation against illicit cyber infrastructure. Relatedly, the U.S. and other countries like the UK and Australia have recently sanctioned other hosting providers linked to ransomware families, such as LockBit (Sep. 6, 2025 – related news example).
Cryptocurrency security firms highlight the persistent threat landscape, with phishing attacks, particularly those that steal cryptocurrency keys, being a primary way criminals access funds (CertiK analysis).