Dutch police say they took down 127 servers used by sanctioned hosting service

Police in the Netherlands say they seized 127 servers this week that were used by Zservers, a bulletproof hosting service that was the subject of international sanctions issued Tuesday.

The raid on Wednesday at the Paul van Vlissingenstraat data center in Amsterdam “followed a long-term digital investigation into the activities of a hosting provider based there, called ZServers/XHost,” police said Thursday.

The sanctions announcements by the U.S., U.K. and Australia linked Zservers to the LockBit ransomware operation. Dutch police said their investigation also showed a link between the seized servers and the Conti cybercrime gang.

In addition to ransomware, the servers showed signs of related malware, including botnets, Dutch police said. 

“ZServers/XHost came into the focus of the investigation team a year ago. The company stood out because it advertised the possibility for customers to allow criminal acts from its servers,” the police statement said. “It was also stated that the owners of these servers would remain anonymous when law enforcement agencies would make inquiries with them, and payments for the services purchased could also be made anonymously via crypto currency.”

No arrests were announced. 

“The Cybercrime Team Amsterdam will, in consultation with the Public Prosecution Service, further investigate the data found on the seized servers,” Dutch police said.

The U.S. sanctions announcements labeled two Russian nationals — Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov — as administrators of Zservers. 

In addition to them, Britain listed four other employees as targets of sanctions, as well as Xhost Internet Solutions LP, described as a “UK front company”