Skip to content
Tech News
← Back to articles

US sanctions VPN, malware providers for enabling ransomware attacks

read original more articles

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations.

On Monday, OFAC designated First VPN Service (1VPNS), a virtual private network provider that sold services to ransomware groups, and its administrator, Dmytro Rashevskyi.

Since it surfaced in 2014, 1VPNS has advertised on cybercriminal forums that it keeps no logs of user activity or identities and would not cooperate with law enforcement. Rashevskyi allegedly used false identities (e.g., "Maksim Sorin" and "Roman Chabanenko") to acquire infrastructure from companies that would otherwise have refused service due to complaints of abuse.

The sanctions come after European law enforcement took down 1VPNS's website and infrastructure in May with support from the FBI's Boston Field Office, as part of a joint action dubbed "Operation Saffron" led by French and Dutch authorities.

The 1VPNS investigation began in December 2021, with law enforcement officers infiltrating the VPN's infrastructure and collecting its user database before it was dismantled.

Throughout the joint operation, the authorities seized 33 servers linked to 1VPNs across 27 countries, arrested its administrator, and exposed thousands of users associated with ransomware, fraud, and other malicious activity worldwide.

At the time, Europol also said that the VPN service's name had surfaced in nearly every major cybercrime investigation it supported.

Victims of ransomware attacks involving 1VPNS' infrastructure included U.S. businesses, hospitals, financial services firms, and municipal governments.

This week, the Treasury Department also sanctioned Belarusian national Yegeniy Vladimirovich Silayev, who sells cryptors (also known as crypters), which are tools that help ransomware and other malware evade detection by security software.

Officials estimate that ransomware operations using 1VPNS and Silayev cryptors have caused billions of dollars in losses to businesses and critical infrastructure providers across the United States.

... continue reading