U.S. sanctions First VPN Service over ransomware support

U.S. sanctions First VPN Service over ransomware support
U.S. targets VPN over ransomware

Washington is expanding its crackdown on the infrastructure behind ransomware attacks by imposing sanctions on a VPN provider and two alleged administrators. The move aligns with coordinated action by UK authorities and follows a May 2026 European law enforcement takedown of the service's infrastructure backed by the FBI.

Highlights

  • The U.S. sanctioned First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev for aiding ransomware groups targeting critical infrastructure.
  • Sanctioned actors provided tools enabling cybercriminals to conceal identities, with attacks causing billions of dollars in losses to U.S. hospitals, schools, businesses, and local governments.
  • The coordinated U.S.-UK action follows a May 2026 European law enforcement operation against 1VPNS infrastructure and reflects a broader strategy to disrupt the cybercrime ecosystem.

Coordinated sanctions target ransomware support network

As reported by U.S. Department of State, citing the U.S. Department of State, the United States is sanctioning First VPN Service, also known as 1VPNS, along with its administrator Dmytro Rashevskyi and Yegeniy Vladimirovich Silayev for providing support to ransomware groups that target American critical infrastructure.

U.S. officials say the sanctioned actors supply tools that help cybercriminals conceal their identities, disguise malicious software and evade detection. Those services support attacks on hospitals, schools, businesses and local governments, with losses to U.S. critical infrastructure providers running into billions of dollars.

The State Department says the designations are coordinated with the UK's Foreign, Commonwealth & Development Office. The action also follows a May 2026 European law enforcement operation against 1VPNS infrastructure that is supported by the FBI.

Broader cybercrime disruption strategy

By targeting service providers and tool suppliers in addition to ransomware operators, U.S. authorities are seeking to weaken the wider ecosystem that enables global cybercrime. The measure reflects a strategy of using diplomatic and economic pressure to disrupt foreign cybercriminal networks and their facilitators.

The State Department describes ransomware as both a law enforcement issue and a foreign policy threat because it undermines economic stability and security in the United States and allied countries. The sanctions are being taken under Executive Order 13694, as amended by subsequent executive orders including 13757, 14144 and 14306.

We previously reported on U.S. sanctions aimed at disrupting ransomware infrastructure by targeting First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and Yegeniy Vladimirovich Silayev for enabling cybercriminal operations. Our article noted the measures were coordinated with the UK and followed a May 2026 European law enforcement takedown linked to the same 1VPNS infrastructure, while also outlining the compliance implications of OFAC blocking rules.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.