The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations.
On Monday, OFAC designated First VPN Service (1VPNS), a virtual private network provider that sold services to ransomware groups, and its administrator, Dmytro Rashevskyi.
Since it surfaced in 2014, 1VPNS has advertised on cybercriminal forums that it keeps no logs of user activity or identities and would not cooperate with law enforcement. Rashevskyi allegedly used false identities (e.g., “Maksim Sorin” and “Roman Chabanenko”) to acquire infrastructure from companies that would otherwise have refused service due to complaints of abuse.
The sanctions come after European law enforcement took down 1VPNS’s website and infrastructure in May with support from the FBI’s Boston Field Office, as part of a joint action dubbed “Operation Saffron” led by French and Dutch authorities.
The 1VPNS investigation began in December 2021, with law enforcement officers infiltrating the VPN’s infrastructure and collecting its user database before it was dismantled.
Throughout the joint operation, the authorities seized 33 servers linked to 1VPNs across 27 countries, arrested its administrator, and exposed thousands of users associated with ransomware, fraud, and other malicious activity worldwide.
At the time, Europol also said that the VPN service’s name had surfaced in nearly every major cybercrime investigation it supported.
Victims of ransomware attacks involving 1VPNS’ infrastructure included U.S. businesses, hospitals, financial services firms, and municipal governments.
This week, the Treasury Department also sanctioned Belarusian national Yegeniy Vladimirovich Silayev, who sells cryptors (also known as crypters), which are tools that help ransomware and other malware evade detection by security software.
Officials estimate that ransomware operations using 1VPNS and Silayev cryptors have caused billions of dollars in losses to businesses and critical infrastructure providers across the United States.
“These actors supplied ransomware groups with tools to hide their identities, disguise malicious software, and evade detection — enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers,” said State Department spokesperson Thomas Pigott.
“By targeting not just ransomware operators but the service providers and tool suppliers who make their attacks possible, the United States and its partners are dismantling the broader networks that sustain cybercriminal activity worldwide.”
OFAC said the action was coordinated with the United Kingdom’s Foreign, Commonwealth & Development Office. Under these sanctions, all property of the designated individuals and entities within U.S. jurisdiction is blocked, while U.S. persons and businesses are barred from transactions involving them.
On Monday, the European Union and the United Kingdom also jointly sanctioned dozens of Russian individuals and entities, accusing Russia of coordinating a network of hacking groups linked to cyberattacks across Europe.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Police seize “First VPN” service used in ransomware, data theft attacks
Former ransomware negotiator gets 4 years for BlackCat attacks
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
Check Point links VPN zero-day attacks to Qilin ransomware gang
U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
Australia warns of global campaign targeting vulnerable CMS platforms
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
AI is a data-breach time bomb: Read the new report?utm_source=bleepingcomputer&utm_medium=referral&utm_campaign=bleepingcomputer_referral&utm_content=article
Your Scanners Are Green. Your Pipeline Might Not Be. Here’s How to Close the Gap.
Overdue a password health-check? Audit your Active Directory for free
#1 MSP Benchmark report 2026: Insights from 1,000+ MSPs on growth, security, artificial intelligence, and key 2026 trends.
How Mature Is Your AI Security Program? Take the Free AI Maturity Assessment.
Terms of Use – Privacy Policy – Ethics Statement – Affiliate Disclosure
Read our posting guidelinese to learn what content is prohibited.



