On February 11, 2025, the United States, United Kingdom, and Australia jointly sanctioned Zservers, a Russia-based company that provided web hosting services used by the LockBit ransomware group. If you are new to cryptocurrency, headlines about sanctions and ransomware might seem distant from your everyday experience — but these events have real implications for anyone who holds, trades, or uses digital assets. With Bitcoin trading at approximately $95,747 and Ethereum at $2,602 on this date, the crypto market has grown large enough that regulatory actions like these can affect the entire ecosystem. This guide breaks down what happened, why it matters, and what you should do about it.
The Basics
Let’s start with the fundamentals. Ransomware is a type of malicious software that encrypts a victim’s files and demands payment — usually in cryptocurrency — in exchange for the decryption key. LockBit is one of the most notorious ransomware groups in the world, responsible for attacks on hospitals, schools, businesses, and government agencies. LockBit operated as a Ransomware-as-a-Service model, meaning the core group developed the ransomware tool and then licensed it to affiliate attackers who carried out the actual attacks.
Zservers was what is known as a “bulletproof hosting” provider. Regular web hosting companies like AWS or Google Cloud have strict terms of service and will shut down accounts that are used for illegal activity. Bulletproof hosting providers, by contrast, are much more lenient about what their customers do and often accept anonymous payments, making them attractive to criminals who need infrastructure that will not be quickly shut down. The U.S. Treasury Department determined that Zservers was providing critical infrastructure that enabled LockBit ransomware attacks.
Why It Matters
You might wonder why sanctions against a Russian hosting company matter to you as a crypto user. There are several reasons. First, governments are increasingly using sanctions as a tool to combat crypto-related crime. When the U.S. Treasury adds cryptocurrency addresses to its sanctions list, it becomes illegal for any U.S. person or company to transact with those addresses. This means cryptocurrency exchanges operating in the U.S. must block transactions involving sanctioned addresses, and some may even freeze accounts that have interacted with them.
Second, these sanctions are part of a broader trend of governments taking a more active role in regulating the cryptocurrency space. The joint action by the U.S., U.K., and Australia shows that international cooperation on crypto enforcement is strengthening. This is generally positive for the long-term legitimacy of cryptocurrency, but it means users need to be more aware of compliance requirements.
Third, the sanctions specifically targeted cryptocurrency addresses associated with Zservers. Three addresses were added to the Specially Designated Nationals list, which is maintained by OFAC (the Office of Foreign Assets Control). If any of your transactions have ever interacted with these addresses — even indirectly, through a chain of transactions — it could potentially raise compliance flags at regulated exchanges.
Getting Started Guide
Here are practical steps every crypto user should take in light of increasing sanctions enforcement:
Step 1: Use regulated exchanges. Stick to cryptocurrency exchanges that are registered with relevant financial authorities and have robust compliance programs. These exchanges screen transactions against sanctions lists, which protects you from inadvertently interacting with sanctioned addresses.
Step 2: Understand transaction screening. Most major exchanges now screen all incoming and outgoing transactions against OFAC’s SDN list and other sanctions databases. This is a good thing — it means you are less likely to accidentally receive tainted funds. However, it also means that if your wallet has interacted with unsanctioned but suspicious addresses, your transactions might be delayed or flagged for review.
Step 3: Keep records. Maintain records of your cryptocurrency transactions, including the purpose of each transaction and the counterparties involved. If you are ever asked by an exchange to explain the source of your funds, having clear documentation will make the process much smoother.
Step 4: Avoid mixing services without understanding the risks. Cryptocurrency mixing services (also called tumblers) are sometimes used to obscure transaction histories. While they have legitimate privacy applications, they are also used to launder illicit funds, and several major mixers have been sanctioned. Using a sanctioned mixer could result in your funds being frozen at regulated exchanges.
Common Pitfalls
New crypto users often make several mistakes when it comes to compliance. The most common is assuming that because cryptocurrency is decentralized, it operates outside the reach of regulators. In reality, most people interact with the crypto ecosystem through centralized on-ramps and off-ramps — exchanges, payment processors, and custodial wallets — all of which are subject to regulation.
Another common pitfall is ignoring the source of cryptocurrency received through peer-to-peer transactions or decentralized exchanges. If you receive crypto from an address that has been flagged for sanctions or illicit activity, you could face difficulties when trying to convert that crypto to fiat currency at a regulated exchange. Always verify the source of funds when accepting crypto from unknown parties.
Next Steps
The sanctions against Zservers are unlikely to be the last enforcement action targeting crypto-related infrastructure. As the cryptocurrency market continues to grow — with total market capitalization exceeding $3 trillion — regulatory scrutiny will only increase. The best approach is to stay informed, use compliant platforms, and maintain good records. Follow trusted news sources for updates on sanctions and regulatory developments, and consider subscribing to OFAC’s email alerts if you are a more active crypto user or business. Compliance is not just a legal obligation — it is also a practical way to protect your assets and ensure smooth access to the broader cryptocurrency ecosystem.
Disclaimer: This article is for educational purposes only and does not constitute legal or financial advice. Always consult with qualified professionals regarding compliance obligations.
good explainer for newcomers. most people dont realize ransomware payments are why crypto gets bad press in the first place
The RaaS section was helpful. Had no idea LockBit operated like a franchise model.
the franchise model is why sanctions barely make a dent. you take down the core group and ten affiliates pop up with new branding
franchise model with zero loyalty requirements. at least mcdonalds has standards for their franchisees lol
still amazed people pay ransoms in BTC directly. Monero exists for a reason and criminals know it
monero is the obvious choice but most ransomware operators prefer btc because its easier to cash out through exchanges. liquidity matters even for criminals
exactly. btc liquidity on fiat ramps is what makes it the default. xmr is better for privacy but try moving 500k through localmonero without attracting attention
Matthew Okonkwo exactly. try moving 500K through localmonero without attracting attention. BTC liquidity is why criminals still use it despite the paper trail
sanctioning the hosting provider is a weird angle. its like shutting down aws because someone ran a scam site on ec2
btc_ranger the AWS comparison isnt quite right. Zservers marketed specifically to ransomware crews, AWS doesnt do that