Federal prosecutors unsealed an indictment that accuses three Russian nationals and two St. Petersburg-based hosting companies of operating a vast cybercrime infrastructure that targeted U.S. institutions and caused tens of millions in losses.
An indictment returned in December 2024 was unsealed earlier this week in the Northern District of Ohio, naming three individuals and two companies accused of running services that supported a wide range of criminal cyber activity. The charges include conspiracy to commit and aid and abet computer fraud, conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering.
- Alexander Alexandrovich Volosovik, 43, of St. Petersburg, Russia;
- Kirill Andreevich Zatolokin, 34, of St. Petersburg, Russia;
- Yulia Vladimirovna Pankova, 29, of St. Petersburg, Russia;
- Medialand LLC, headquartered in St. Petersburg, Russia; and
- ML.Cloud LLC, headquartered in St. Petersburg, Russia.
The U.S. Department of State’s Rewards for Justice program offered a reward of up to $10 million and possible relocation for actionable information related to foreign government-linked associates of Pankova, Volosovik and Zatolokin or the foreign government-linked use of Media Land or ML.Cloud. U.S. sanctions were announced in November 2025 against the indicted defendants and the companies named in the indictment.
“From their overseas haven, these defendants ran the criminal infrastructure that powered attacks on critical institutions across our nation,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Their actions put the American public at risk. We will continue to dismantle these networks and protect our critical infrastructure from cybercriminals at home and abroad.”
According to the court documents, Medialand LLC (owned by Volosovik) and ML.Cloud (at the time of investigation and indictment, owned by Pankova) provided servers and internet services that supported client users. Those services allegedly let criminal clients host malicious tools, coordinate attacks, and mask operations from law enforcement.
U.S. officials said the victims were spread across multiple sectors and states, affecting banks, schools, government entities, hospitals, and media companies. “The victims in this case are not only in Ohio, but also in 20 other states across the country, touching every aspect of Americans’ lives. They include banks, schools, government entities, hospitals, and media companies,” said U.S. Attorney David M. Toepfer for the Northern District of Ohio.
Medialand’s infrastructure reportedly operated across several countries, including China, Finland, the Netherlands, and the United States. Those businesses are described in the indictment as offering what the industry calls bulletproof hosting, intentionally marketing or leasing infrastructure to cybercriminals to help them evade detection.
“With today’s actions, the FBI and our partners are striking at the core services that cybercriminals rely on to attack U.S. critical infrastructure,” said Assistant Director Brett Leatherman of FBI Cyber Division. “Media Land has enabled malicious activity causing tens of millions in losses and impacting victims across 21 states and multiple countries. This is another step in our broader campaign to shrink the space in which these actors can operate, forcing them to work harder, take greater risks, and lose the anonymity they depend on.”
The indictment says Volosovik advertised his services on criminal forums, touting features attractive to cybercriminals. Medialand and ML.Cloud allegedly gave co-conspirators the infrastructure to infect victim computers with malware and ransomware, then extort those victims for money and cryptocurrency, and to run criminal marketplaces, register fraudulent domains, and launch phishing and brute-force attacks.
Prosecutors allege 42 victims in 21 states were targeted by criminal groups using Medialand’s and ML.Cloud’s services. Law enforcement officials tied the infrastructure to campaigns that caused tens of millions in documented losses and affected victims across the United States and abroad.
“Today’s announcement underscores the importance of global partnerships and international collaboration, especially in a borderless world riddled with cyber criminals,” said Special Agent in Charge Josh DelManzo of the FBI Cleveland Field Office. “The methods used by these bad actors, including ransomware, malware, phishing and other cyber activity, serves as a reminder that whether for business or personal use, when you are online, criminal networks will stop at nothing to hack, attack, share, or sell your information for their own greed, gain, and profit. The FBI and its partners will continue to identify and cripple criminal networks and freeze their infrastructures to reduce or remove the threats to the public and further protect trusting individuals and companies.”
The November 2025 Department of the Treasury’s Office of Foreign Assets Control sanctions on the defendants and entities were joined in full by the United Kingdom and in part by Australia. OFAC’s measures block U.S. property and prohibit transactions by U.S. persons, and they specifically named the individuals Volosovik, Zatolokin and Pankova as well as Medialand and related subsidiaries Media Land Technology (MLT), Data Center Kirishi (DC Kirishi), and ML Cloud.
“The Department of State is committed to countering malicious cyber activities that threaten U.S. critical infrastructure and our national security,” said Deputy Assistant Secretary and Assistant Director of the U.S. Department of State’s Diplomatic Security Service for Cyber & Technology Security Gharun Lacy. “We remain relentless in our efforts to generate information that helps our law enforcement partners disrupt campaigns against our national interest and bring these malicious cyber actors to justice.”
The criminal investigation has been led by the FBI Cleveland Division with assistance from the Cybersecurity and Infrastructure Security Agency and OFAC, along with international partners including the National Police of the Netherlands, the Public Prosecutor’s Office of the Netherlands, the United Kingdom’s National Crime Agency, and Australian authorities. Trial Attorney Christen Gallagher of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Duncan T. Brown are prosecuting the case.
CCIPS investigates and prosecutes cybercrime and IP crime in coordination with domestic and international partners and the private sector. Since 2020, CCIPS has secured the conviction of over 180 cyber and IP criminals and court orders for the return of over $350 million in victim funds, and the current action is part of Operation Riptide, the FBI’s sustained campaign against cybercriminal infrastructure and related financial networks.
Americans reported over $20 billion in losses to cybercrime last year, a 26 percent single-year increase that officials cite as a core reason for intensified global enforcement. An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.




