The United States, United Kingdom, and Australia have announced sanctions against the Russian bulletproof hosting provider Media Land, along with its associated companies, due to their support for ransomware operations. Media Land has been identified as providing services to various cybercrime marketplaces and ransomware groups, including LockBit and BlackSuit, and has been linked to distributed denial-of-service attacks on U.S. companies. The U.S. Department of the Treasury’s Office of Foreign Assets Control designated Media Land and its executives for enabling cybercriminal activities, stating that such providers facilitate attacks on businesses in allied countries. These sanctions freeze all assets within the U.S., U.K., and Australia, while also exposing individuals and entities engaging in transactions with these sanctioned parties to potential enforcement actions.
The United States is shifting its cybersecurity strategy to a more offensive approach against foreign hackers, according to National Cyber Director Sean Cairncross. Speaking at the Aspen Cyber Summit, Cairncross emphasized the need for a cohesive strategy that combines policy with action, aiming to impose costs on adversaries who target U.S. critical infrastructure. He noted that while the U.S. has excelled at identifying and responding to threats, the current fragmented approach lacks long-term effectiveness. Cairncross plans to introduce a new National Cyber Strategy document that will include six pillars and aims for a coordinated response—a first for the U.S. cyber domain. Industry experts, including Mandiant co-founder Kevin Mandia and Google Threat Intelligence Vice President Sandra Joyce, echoed concerns about the current defensive posture, arguing that it is unsustainable, especially as cybercriminals increasingly leverage advanced technologies. Joyce pointed out that the existing public-private model for cybersecurity is failing, as evidenced by the rise in ransomware attacks.
Why do we care?
Here’s the thing: governments finally seem to be recognizing what MSPs have known for years — this isn’t “IT security,” it’s organized crime. Knocking out a bulletproof hoster matters because it hits the infrastructure the bad guys depend on. It’s not a magic fix, but it’s pressure in the right place.
And the shift toward an offensive cyber strategy? That’s an overdue acknowledgment that the current system just doesn’t work. The burden has been dumped on small businesses and MSPs, and we all pretend that better tools or better hygiene can make ransomware go away. Meanwhile, attackers are using automation and global infrastructure. Stack-level defenses alone aren’t going to cut it.
I always come back to this analogy: if criminal gangs were roaming the streets kicking in doors every night, nobody would be saying, “Well, have you tried better locks?” They’d demand police action. Cyber is no different — except the damage is financial. Every dollar a business spends on cybersecurity, or on a ransom, is a dollar they don’t have for growth. Those dollars have identical value. If we’re serious about reducing cyber risk, we should absolutely want more government intervention.
So what do you do with this? Start shifting your conversations away from tools and toward governance. Start prepping for more reporting requirements — because they are coming. And help customers understand that this isn’t optional anymore. Cybersecurity is moving from “best practice” to “public safety,” and MSPs that can guide clients through the policy side will be the ones who stand out.