Amsterdam police raid office tied to alleged Russian cybercrime outfit ZServers & XHost

The Amsterdam police have dismantled a digital criminal network after an investigation that lasted over a year. A raid was carried out in Amsterdam-Oost on Wednesday. A total of 127 servers used by cybercriminals were taken down due to the operation.

The network in question is the Russian hosting provider ZServers/XHost. It was based in an office on the Paul van Vlissingenstraat in the Overamstel area. The United States, United Kingdom, and Australia jointly imposed sanctions on ZServers for supporting ransomware attacks by the notorious hacking group Lockbit on Tuesday.

ZServers/XHost is a so-called “bulletproof hoster.” This is a special hosting service that protects cyber criminals and helps them maintain invisibility on the internet. They can use this to spread viruses or commit cyber attacks.

The Russian company came to the attention of authorities because they were advertising that their clients could commit criminal acts via their servers. They also indicated in the advertisements that the owners of the servers would remain anonymous if the police asked questions. In addition, the payments for the services could be made anonymously via crypto coins.

An investigation proved that the servers contained software that was often used by cybercriminals, like ransomware, botnets, and malware. During the raid, a server was found with hacking tools like Lockbit and Conti. “They are known as the most prolific and damaging ransomware groups in the world,” police said.

The websites that may have been on the server are now unavailable. No arrests were made during the raid. There was a lot of data on the dismantled servers. The police are going to investigate this further with the Public Prosecution Service.

Two days earlier, British authorities raided Xhost Internet Solutions LP, which they alleged to be a UK front company for ZServers. The British Foreign Ministry wrote, “ZServers provide vital infrastructure for cybercriminals as they plan and execute attacks against the UK. The illicit supply chain protects, supports and conceals the operations of some of the world’s most ruthless ransomware gangs. Ransomware actors rely on these services to launch attacks, extort victims and store stolen data.”

In the statement, UK Foreign Secretary David Lammy said that Russian President Vladimir Putin “has built a corrupt mafia state driven by greed and ruthlessness. It is no surprise that the most unscrupulous extortionists and cyber-criminals run rampant from within his borders.”