Originally published on CyberNetSec.
Executive Summary
On July 13, 2026, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated First VPN Service (1VPNS), its administrator, and a malware obfuscation service provider for their critical roles in supporting the ransomware ecosystem. The sanctions target 1VPNS for knowingly providing infrastructure that allowed ransomware groups to hide their activities while attacking U.S. critical infrastructure, including hospitals and financial firms. Also sanctioned were Ukrainian national Dmytro Rashevskyi, the administrator of 1VPNS, and Belarusian national Yegeniy Vladimirovich Silayev, who sold 'cryptors'—services that disguise malware to evade antivirus detection. This action, coordinated with the UK and the FBI, highlights a strategic focus on disrupting the foundational services that enable cybercrime, moving beyond targeting just the ransomware operators themselves.
Regulatory Details
The sanctions were issued under Executive Order 13694, which targets individuals and entities involved in malicious cyber-enabled activities. The designation makes it illegal for any U.S. person or entity to conduct business with 1VPNS, Rashevskyi, or Silayev. All assets of the sanctioned parties that are within U.S. jurisdiction are frozen.
- Targeted Entity: First VPN Service (1VPNS), a VPN provider that advertised its non-cooperation with law enforcement and lack of logging.
- Targeted Individuals:
- Dmytro Rashevskyi (Ukraine), administrator of 1VPNS.
- Yegeniy Vladimirovich Silayev (Belarus), seller of malware crypting services.
- Coordination: The action was taken in partnership with the United Kingdom's Foreign, Commonwealth & Development Office (FCDO) and followed an infrastructure takedown operation in May 2026 involving the FBI.
This move is part of a broader government strategy to treat ransomware as a national security threat and to use all instruments of national power, including financial sanctions, to combat it.
Affected Organizations
- First VPN Service (1VPNS): The service is now effectively blacklisted from the global financial system and its infrastructure is subject to seizure.
- Ransomware Groups: The primary customers of 1VPNS and Silayev. The disruption of these services makes it more difficult and costly for them to operate anonymously and effectively.
- U.S. and Allied Entities: The action aims to protect U.S. critical infrastructure and businesses that have been victimized by ransomware groups using these services.
Compliance Requirements
For U.S. persons and entities, the compliance requirements are strict and immediate:
- Cease All Transactions: Immediately cease any and all direct or indirect dealings with the sanctioned entities and individuals.
- Block Property: Any property or interests in property of the sanctioned parties that come into the possession of a U.S. person must be blocked and reported to OFAC.
- Enhanced Due Diligence: Financial institutions and technology companies must update their screening lists and compliance programs to ensure they do not inadvertently provide services to these designated parties or their proxies.
Implementation Timeline
- May 2026: Joint law enforcement operation dismantles 1VPNS infrastructure.
- July 13, 2026: OFAC announces sanctions against 1VPNS, Rashevskyi, and Silayev.
Impact Assessment
Sanctioning foundational infrastructure and services is a strategic move designed to disrupt the entire cybercriminal supply chain.
- Increased Operational Cost for Attackers: By removing a popular 'bulletproof' VPN service, attackers are forced to find alternatives, which may be more expensive, less reliable, or more easily tracked by law enforcement.
- Reduced Malware Efficacy: Targeting cryptor services like the one run by Silayev makes it harder for attackers to bypass modern antivirus and EDR solutions, increasing the chances of their malware being detected early.
- Deterrent Effect: This action sends a strong message to other providers of illicit cyber services that they are not immune from law enforcement and financial sanctions, potentially deterring others from entering or continuing in this market.
Enforcement & Penalties
Violations of OFAC sanctions can result in severe penalties, including civil fines of up to hundreds of thousands of dollars per violation and, for willful violations, criminal penalties including up to 20 years in prison and fines of up to $1 million.
Compliance Guidance
- Update Sanctions Screening Lists: All organizations, particularly those in the financial and technology sectors, must immediately update their sanctions screening software and lists to include 1VPNS, Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev.
- Review Network Logs: While not a compliance requirement, it would be prudent for organizations to review historical network and VPN logs for any connections to infrastructure known to be associated with 1VPNS. This could indicate past or ongoing exposure to threat actors who used the service.
- Threat Intelligence Integration: Threat intelligence platforms should be updated with information about these sanctioned entities to improve detection of associated malicious activity.
Top comments (0)