The U.S. Department of the Treasury has imposed sanctions on a VPN provider, its administrator, and two malware operators accused of supporting ransomware groups responsible for attacks against American organizations. The measures were announced by the Treasury’s Office of Foreign Assets Control (OFAC) as part of ongoing efforts to disrupt the infrastructure cybercriminals rely on to conduct attacks.
According to OFAC, the sanctions target First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and two individuals allegedly involved in developing and distributing malware used by ransomware operators. U.S. officials said the sanctioned parties knowingly provided services that enabled ransomware groups to conceal their activity, maintain anonymous infrastructure, and compromise victim networks.
Treasury officials said 1VPNS marketed itself on cybercrime forums by promising not to keep user logs and refusing to cooperate with law enforcement requests. Investigators allege Rashevskyi used false identities to obtain hosting infrastructure from providers that otherwise would have rejected the company’s business because of repeated abuse complaints.
The U.S. government also sanctioned malware developers accused of supplying malicious tools to ransomware affiliates. Authorities said their software was used to steal credentials, establish persistent access to compromised systems, and facilitate attacks that ultimately led to ransomware deployment against U.S. victims.
Under the sanctions, any assets belonging to the designated individuals or entities that fall under U.S. jurisdiction are frozen. U.S. citizens and companies are also prohibited from conducting transactions with them unless specifically authorized by OFAC. The restrictions are intended to make it more difficult for cybercriminals to obtain infrastructure and technical services needed to support ransomware operations.
The announcement follows an FBI warning issued earlier this year identifying First VPN Service as a key provider for cybercriminal activity. According to the bureau, at least 25 ransomware groups used the service to hide their operations, while other criminals relied on it for botnets, internet scanning, distributed denial-of-service attacks, and fraud campaigns.
