Three Russian Nationals Indicted for International Cybercrimes Resulting in More Than $62M in Losses to Victims
Arizona Free Press
← Back to
National News
State Department Offering Reward of up to $10M for Information
CLEVELAND – The U.S. Attorney’s Office for the Northern District of Ohio has announced the unsealing of an indictment charging three Russian nationals for their roles in malicious cyber activities against U.S. critical infrastructure affecting victims in 21 states and in several countries, with losses amounting to tens of millions of dollars. These charges are the result of a seven-year-long investigation.
A federal grand jury returned an indictment in December 2024 charging the following defendants with Conspiracy to Commit and Aid and Abet Computer Fraud, Conspiracy to Commit Wire Fraud, Wire Fraud, and Conspiracy to Commit Money Laundering:
Alexander Alexandrovich Volosovik, 43, of St. Petersburg, Russia
Kirill Andreevich Zatolokin, 34, of St. Petersburg, Russia
Yulia Vladimirovna Pankova, 29, of St. Petersburg, Russia
Media Land, LLC, headquartered in St. Petersburg, Russia
ML.Cloud, LLC, headquartered in St. Petersburg, Russia
In addition to the unsealing of the indictment, the U.S. Department of State’s Rewards for Justice (RFJ) program announced today that it is offering a reward of up to $10 million and possible relocation for actionable information on foreign government-linked associates of Pankova, Volosovik and Zatolokin, their malicious cyber activities, or foreign government-linked use of Media Land or ML.Cloud. U.S. sanctions were announced in November 2025 against the indicted defendants and companies.
According to allegations in court documents, Media Land, LLC, owned by Volosovik, and ML.Cloud, owned by Pankova, at the time of investigation and indictment, were both based in St. Petersburg and provided infrastructure for computer servers and related internet services. Media Land’s infrastructure also operated out of multiple countries including China, Finland, the Netherlands, and the United States. These businesses provided what are known as “bulletproof hosting” services for client users to not only conduct criminal activities, but also to evade detection by law enforcement. Such businesses knowingly and intentionally market and/or lease their infrastructure to cybercriminals. According to the indictment, Media Land and ML.Cloud provided infrastructure and tech support to criminal client co-conspirators with the means to infect victim computers with malware and ransomware and then extorted those victims for money and cryptocurrency. Other computer-based crimes facilitated by Media Land and ML.Cloud included supporting criminal marketplaces, fraudulent domain registrations, and providing the platform from which to launch phishing and brute force attacks.
Investigators found that dozens of victim organizations were targeted by criminal groups who used Media Land’s and ML.Cloud’s services. Victim entities included banks, schools, government entities, hospitals, and media companies. The victims were located throughout the U.S. and across the world. In the Northern District of Ohio, victims were located in: Akron, Brookfield, Canton, Cleveland, Elyria, Medina, Findlay, Solon, and Valley View. At least 20 other states were also affected including: California, Delaware, Florida, Georgia, Illinois, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New York, North Carolina, Pennsylvania, Tennessee, Texas, Utah, Virginia, Washington state, Wisconsin. International victims were located in Australia, the European Union, the United Arab Emirates, Canada and the United Kingdom.
Anyone with information should contact Rewards for Justice via its Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).
More information is available on the RFJ website at RewardsForJustice.net.
In November 2025, the Department of the Treasury’s Office of Foreign Assets Control, joined by the United Kingdom’s Foreign Commonwealth and Development Office and Australia’s Department of Foreign Affairs and Trade, designated Media Land as a Specially Designated National (SDN) for facilitating global ransomware operations, DDoS attacks, and malicious cyber activities. The sanctions block all U.S. property and prohibit transactions by U.S. persons. Volosovik, Zatolokin, and Pankova were individually sanctioned. Media Land subsidiaries Media Land Technology (MLT) and Data Center Kirishi (DC Kirishi) along with Media Land’s sister company, ML Cloud were also sanctioned.