Ashutosh Sureka

U.S. Treasury sanctions cybercrime enablers tied to ransomware attacks

U.S. Treasury sanctions cybercrime enablers tied to ransomware attacks
Treasury hits ransomware allies

The U.S. government is expanding its campaign against ransomware networks by targeting service providers that help cybercriminals conceal operations and deploy malware. The action covers a VPN provider, its administrator, and a cryptor seller, and comes alongside UK sanctions and after a May 2026 European law enforcement takedown tied to the same infrastructure.

Highlights

  • U.S. Treasury's OFAC imposed sanctions on First VPN Service (1VPNS), Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev for enabling ransomware operations causing billions in U.S. business losses.
  • Sanctions block all U.S.-held property of designated parties and extend to any entity 50% or more owned by them, increasing compliance risks and prohibiting most related transactions by U.S. persons.
  • Action is coordinated with the UK, follows a May 2026 European law enforcement takedown of 1VPNS infrastructure, and is accompanied by an FBI cybersecurity advisory for U.S. businesses.

Sanctions target infrastructure behind ransomware activity

As reported by U.S. Department of the Treasury, the Office of Foreign Assets Control is designating two individuals and one entity for enabling ransomware actors and other cybercriminals whose operations have caused billions of dollars in losses to U.S. businesses and critical infrastructure providers.

The measures include First VPN Service, also known as 1VPNS, and its administrator Dmytro Rashevskyi, as well as Yegeniy Vladimirovich Silayev, a Belarusian national accused of supplying cryptors that disguise malware as safe software. Treasury says the designations are issued under Executive Order 13694, as amended, and further the March 6, 2026 executive order on combating cybercrime, fraud, and predatory schemes against American citizens.

Treasury says 1VPNS sells virtual private network services used by ransomware groups to hide attack origins, deploy malware, and manage stolen data. The department says the service has advertised since 2014 on cybercriminal forums, promoted a no-logs policy, and refused cooperation with law enforcement inquiries, while Rashevskyi allegedly used false identities to obtain infrastructure from companies that might otherwise reject his business.

Silayev is also accused of providing obfuscation and encryption services to ransomware operators targeting U.S. and allied entities. Treasury says such cryptors are designed not for legitimate privacy protection but to make malicious code harder for security systems to detect or disable.

Compliance risks widen for firms handling blocked parties

All property and interests in property of the designated parties that are in the United States or controlled by U.S. persons are now blocked and must be reported to OFAC. Any entity owned 50% or more, directly or indirectly, by one or more blocked persons is also blocked, extending the reach of the sanctions beyond the named parties.

Unless authorized or exempt, U.S. regulations generally prohibit transactions by U.S. persons, or within or transiting the United States, involving blocked property or interests in property. Treasury says civil or criminal penalties can apply to violations, while non-U.S. persons also face exposure if they cause U.S. sanctions breaches or engage in conduct that evades restrictions.

The action is coordinated with the UK Foreign, Commonwealth & Development Office, which is sanctioning other cybercriminals and enablers on the same day. Treasury also links the move to a May 2026 takedown of 1VPNS website infrastructure by European law enforcement authorities, supported by the FBI Boston Field Office, and notes the FBI has issued a cybersecurity advisory to help businesses detect and prevent related attacks.

Our earlier coverage of the UK’s planned security designations under the National Security (State Threats) Act explained how London intended to proscribe Iran’s IRGC and a Russia-linked GRU unit in response to alleged attacks and sabotage risks on British soil. We noted that the move would expand prosecutorial powers and penalties for those acting on behalf of the designated groups, while raising concerns about potential retaliation and the need to address broader enabling networks.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.