US Treasury Strengthens Ransomware Sanctions Against 1VPNS and Malware Provider

Date:

U.S. Treasury Strengthens Ransomware Sanctions Against 1VPNS and Malware Provider

The U.S. Treasury Department has intensified its efforts to combat ransomware by imposing new sanctions on a virtual private network (VPN) provider, its administrator, and a malware service provider. This initiative, announced by the Office of Foreign Assets Control (OFAC), targets entities alleged to facilitate ransomware attacks against American businesses, hospitals, financial institutions, and critical infrastructure. The coordinated action with the United Kingdom is part of a broader strategy to disrupt the cybercrime ecosystem that has led to billions of dollars in losses across the United States.

OFAC Targets 1VPNS and Its Administrator

At the center of these sanctions is 1VPNS, identified by OFAC as a vital infrastructure provider for ransomware operators and other cybercriminals. The Treasury has also designated Dmytro Rashevskyi, the administrator of 1VPNS, for allegedly providing technological support to cyber-enabled criminal activities. OFAC has highlighted that while VPN services can serve legitimate privacy and security purposes, they can also be misused to obscure the origins of cyberattacks, deploy malware, and manage stolen data.

The Treasury reported that ransomware groups have utilized 1VPNS infrastructure during attacks on various U.S. entities, including financial services firms, hospitals, and municipal governments. Authorities allege that since 2014, 1VPNS has actively promoted its services on cybercriminal forums, claiming not to retain user logs or cooperate with law enforcement investigations related to illegal activities conducted via its servers.

Rashevskyi is also accused of using false identities, such as “Maksim Sorin” and “Roman Chabanenko,” to acquire infrastructure from providers that might have otherwise refused business due to abuse complaints associated with 1VPNS servers.

Malware Provider Also Added to Ransomware Sanctions List

In addition to the sanctions against 1VPNS, the Treasury has imposed measures against Yegeniy Vladimirovich Silayev, a Belarusian national alleged to supply cryptors to ransomware operators. Cryptors are designed to disguise malware as legitimate files, complicating detection and removal by security products. Unlike traditional encryption technologies that protect user data, cryptors enhance the effectiveness and stealth of malware used in cyberattacks.

The Treasury alleges that Silayev has provided encryption and obfuscation services to ransomware groups targeting organizations in the United States and allied countries.

International Action Against Cybercrime Infrastructure

These sanctions were announced in collaboration with the United Kingdom’s Foreign, Commonwealth & Development Office, which has also imposed sanctions against cybercriminals and individuals accused of facilitating cybercrime. This announcement follows a May 2026 operation by European law enforcement that dismantled 1VPNS’s website and supporting infrastructure, aided by the FBI’s Boston Field Office.

The FBI has released a cybersecurity advisory detailing the tactics, techniques, and procedures associated with 1VPNS, aimed at helping organizations identify and defend against ransomware attacks.

Treasury Cites Executive Orders

The designations were made under OFAC authorities pursuant to Executive Order 13694, as amended, along with President Donald Trump’s Executive Order 14390, signed in March 2026. According to the Treasury, this order directs U.S. government agencies to enhance protections against foreign actors involved in cybercrime, cyber-enabled fraud, extortion, and related criminal schemes targeting Americans.

What the Sanctions Mean

Under the new sanctions, all property and interests belonging to the designated individuals and entities within the United States or controlled by U.S. persons are blocked and must be reported to OFAC. The restrictions extend to entities owned 50% or more by designated persons. Unless authorized by OFAC, U.S. persons are generally prohibited from engaging in transactions involving blocked individuals or organizations.

The Treasury has warned that violations of U.S. sanctions may lead to civil or criminal penalties for both U.S. and foreign persons. Financial institutions and other organizations could face sanctions exposure if they engage in prohibited transactions involving designated entities.

These latest ransomware sanctions underscore ongoing efforts by U.S. authorities and international partners to target the infrastructure and services that enable ransomware operators, rather than focusing solely on the attackers themselves.

For ongoing coverage and breaking updates, visit our Latest News section.

Published on 2026-07-14 11:42:00 • By the Editorial Desk

Share post:

Subscribe

Popular

More like this
Related