The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a virtual private network (VPN) service provider for facilitating ransomware operations and other cybercriminal activities targeting American entities.
The sanctioned VPN, known as First VPN Service (1VPNS), along with its Ukrainian administrator, Dmytro Rashevskyi, have been accused of providing tools that enabled ransomware groups to conceal their activities. Additionally, Belarusian national Yegeniy Vladimirovich Silayev has been sanctioned for selling cryptors designed to disguise malware as legitimate software, thereby evading detection by security systems.
First VPN Service was dismantled in May 2026 through a coordinated effort by European and North American law enforcement agencies. The service had been operational since 2014, promoting itself as a provider that did not log user activities or cooperate with authorities, thus appealing to cybercriminals seeking anonymity. It was advertised on Russian-speaking cybercrime forums as a tool to evade law enforcement.
According to the Treasury Department, multiple ransomware groups utilized First VPN Service to execute attacks on U.S. businesses, financial institutions, healthcare facilities, and municipal governments. These groups leveraged the VPN to obscure their origins, deploy malware, and manage stolen data. The resulting ransomware attacks have inflicted billions of dollars in damages on American organizations and critical infrastructure.
Rashevskyi reportedly employed false identities, such as ‘Maksim Sorin’ and ‘Roman Chabanenko,’ to procure infrastructure from companies that might have otherwise refused service due to complaints about illegal activities originating from 1VPNS servers.
In a related development, the United Kingdom and the European Union have imposed sanctions on Russian cyber networks for their persistent and increasingly reckless cyber operations across Europe. These sanctions target 24 individuals and entities involved in destructive cyber and hybrid activities, including members of Russia’s Main Intelligence Directorate (GRU) and the Federal Security Service (FSB). The measures aim to curb the activities of cybercriminals and entities operating under Russian direction or control.
These actions underscore a growing international commitment to disrupting cybercriminal infrastructure and holding enablers accountable. By targeting services like First VPN and individuals supplying tools to conceal malware, authorities aim to increase the operational costs for cybercriminals and deter future attacks. Organizations are advised to remain vigilant, enhance their cybersecurity measures, and stay informed about emerging threats in the digital landscape.