Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical UEFI Shim Flaw Lets Attackers Bypass Secure Boot
July 14, 2026
xAI Grok CLI Exposed Git Repos and .env Secrets on Cloud Storage
July 14, 2026
Salesforce Fixes Critical OAuth Flaw Allowing Persistent Data Access
July 14, 2026
Home/CyberSecurity News/US Treasury Sanctions VPN Service for Aiding Ransomware Attacks
CyberSecurity News

US Treasury Sanctions VPN Service for Aiding Ransomware Attacks

Key Takeaways The U.S. Treasury has sanctioned First VPN Service (1VPNS), its administrator, and a malware obfuscation provider. The sanctions target entities accused of enabling ransomware attacks...

Jennifer sherman
Jennifer sherman
July 14, 2026 3 Min Read
5 0

Key Takeaways

  • The U.S. Treasury has sanctioned First VPN Service (1VPNS), its administrator, and a malware obfuscation provider.
  • The sanctions target entities accused of enabling ransomware attacks against U.S. organizations and critical infrastructure.
  • This action follows an international law enforcement operation that disrupted 1VPNS’s infrastructure in May 2026.
  • U.S. persons are now prohibited from transactions with the sanctioned individuals and entities.

U.S. Treasury Imposes Sanctions on VPN Service for Aiding Ransomware Operations

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against First VPN Service (1VPNS), a virtual private network provider. The Treasury alleges that 1VPNS furnished critical infrastructure to ransomware syndicates actively targeting American enterprises.

Table Of Content

  • Key Takeaways
  • U.S. Treasury Imposes Sanctions on VPN Service for Aiding Ransomware Operations
  • VPN Service Accused of Direct Support to Cybercriminals
  • Legal Basis and Broader Strategy
  • What You Should Do

In addition to 1VPNS, the sanctions also name Dmytro Rashevskyi, identified as an administrator of the VPN service, and Yegeniy Vladimirovich Silayev, who provides malware obfuscation services. According to the Treasury, ransomware actors leveraged 1VPNS’s infrastructure to mask their digital footprints, distribute malicious payloads, and manage exfiltrated data during their extortion campaigns.

The victims of these attacks reportedly spanned a wide range of sectors, including U.S. businesses, financial institutions, healthcare providers, and local government bodies. These ransomware activities have collectively inflicted billions of dollars in financial losses upon U.S. businesses and essential infrastructure providers.

While VPN technology offers legitimate applications for privacy and security, enabling users to encrypt their internet traffic and conceal their IP addresses, OFAC’s findings paint a different picture for 1VPNS.

VPN Service Accused of Direct Support to Cybercriminals

OFAC reported that 1VPNS actively marketed its services on cybercriminal forums, promoting a strict no-logs policy and a stated refusal to cooperate with law enforcement investigations into malicious activities originating from its servers. The Treasury noted that the service had advertised on various criminal platforms since 2014.

Rashevskyi is accused of employing false identities, such as “Maksim Sorin” and “Roman Chabanenko,” to procure servers and other necessary infrastructure from providers who would otherwise have rejected his business due to a history of abuse complaints.

These sanctions come on the heels of an international law enforcement operation conducted in May 2026, which successfully disrupted 1VPNS’s website and associated infrastructure. European authorities led this operation, with crucial support from the FBI’s Boston Field Office.

The FBI subsequently released a cybersecurity advisory, detailing indicators and tactics linked to 1VPNS, aiming to assist organizations in detecting and preventing ransomware intrusions. OFAC also designated Silayev, described as a Belarusian national, for supplying “cryptors” to ransomware operators.

Cryptors are specialized tools designed to package, encrypt, or obfuscate malware, allowing it to bypass detection by antivirus software, endpoint detection tools, and other security measures. The Treasury emphasized that, unlike standard encryption software used for legitimate data protection, these services were specifically deployed to enhance the stealth and effectiveness of malware against U.S. and allied targets.

Legal Basis and Broader Strategy

The designations were issued under Executive Order 13694, as amended, and align with Executive Order 14390, signed in March 2026. This latter order mandates federal agencies to combat foreign cybercrime, fraud, extortion, and related threats.

As a direct consequence of these sanctions, all property and interests in property belonging to the named individuals and entity within U.S. jurisdiction are now blocked. U.S. persons are generally forbidden from engaging in transactions involving these sanctioned parties unless specifically authorized by OFAC. These restrictions also extend to any entities owned 50% or more by one or more blocked persons.

This action was coordinated with the United Kingdom’s Foreign, Commonwealth & Development Office, which simultaneously announced its own sanctions against cybercriminals and their enablers. The Treasury stated that this coordinated effort underscores a broader strategic initiative to dismantle the ecosystem of services that ransomware groups rely upon, including anonymous hosting, VPN access, malware obfuscation, and infrastructure for managing stolen data.

What You Should Do

  • Organizations should review the FBI’s cybersecurity advisory for indicators of compromise (IOCs) and tactics associated with services like 1VPNS to enhance detection capabilities.
  • Implement robust endpoint detection and response (EDR) solutions and next-generation antivirus (NGAV) to detect and block obfuscated malware.
  • Educate employees on phishing and social engineering tactics often used by ransomware groups to gain initial access.
  • Regularly back up critical data and test recovery procedures to minimize the impact of a ransomware attack.
  • Maintain strong network segmentation and access controls to limit lateral movement within your environment.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityMalwareransomwareSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Chrome Extension Vulnerability Exposed 1.6M User Passwords

Next Post

Critical ServiceNow Vulnerability Lets Remote Attackers Execute Code

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Qilin Ransomware Abuses Active Directory Replication with DCSync Attacks
July 14, 2026
CISA Warns of Active Exploitation of Critical Cisco IOS XE Bug CVE-2023-20198
July 14, 2026
UK and Allies Warn of Russian Hackers Exploiting Routers Worldwide
July 14, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us