US Treasury Strengthens Ransomware Sanctions Against VPN Provider and Malware Service

Published:

spot_img

U.S. Treasury Strengthens Ransomware Sanctions Against VPN Provider and Malware Service

The U.S. Treasury Department has taken significant steps to combat ransomware by imposing new sanctions on a virtual private network (VPN) provider, its administrator, and a malware service provider. This action, announced by the Office of Foreign Assets Control (OFAC), targets entities accused of facilitating ransomware attacks against American businesses, hospitals, financial institutions, and critical infrastructure. The coordinated effort with the United Kingdom is part of a broader strategy to disrupt the cybercrime ecosystem that underpins ransomware operations, which have resulted in billions of dollars in losses across the United States.

OFAC Targets 1VPNS and Its Administrator

Central to the sanctions is 1VPNS, identified by OFAC as a crucial infrastructure provider for ransomware operators and other cybercriminals. The Treasury has also designated Dmytro Rashevskyi, the administrator of 1VPNS, for allegedly offering technological support to cyber-enabled criminal activities. OFAC has noted that while VPN services can serve legitimate privacy and security purposes, they can also be exploited to obscure the origins of cyberattacks, deploy malware, and manage stolen data.

The Treasury reported that ransomware groups have utilized 1VPNS infrastructure during attacks on various U.S. entities, including financial services firms, hospitals, and municipal governments. Furthermore, authorities allege that since 2014, 1VPNS has actively promoted its services on cybercriminal forums, claiming not to retain user logs or cooperate with law enforcement investigations related to illegal activities conducted via its servers.

Rashevskyi is also accused of using false identities, such as “Maksim Sorin” and “Roman Chabanenko,” to acquire infrastructure from providers that might have otherwise refused business due to abuse complaints associated with 1VPNS servers.

Malware Provider Also Added to Ransomware Sanctions List

In addition to the sanctions against 1VPNS, the Treasury has imposed measures against Yegeniy Vladimirovich Silayev, a Belarusian national alleged to supply cryptors to ransomware operators. Cryptors are designed to disguise malware as legitimate files, complicating detection and removal by security products. Unlike traditional encryption technologies that protect user data, cryptors enhance the effectiveness and stealth of malware used in cyberattacks.

The Treasury alleges that Silayev has provided encryption and obfuscation services to ransomware groups targeting organizations in the United States and allied countries.

International Action Against Cybercrime Infrastructure

These sanctions were announced in collaboration with the United Kingdom’s Foreign, Commonwealth & Development Office, which has also imposed sanctions against cybercriminals and individuals accused of facilitating cybercrime. This announcement follows a May 2026 operation by European law enforcement that dismantled 1VPNS’s website and supporting infrastructure, aided by the FBI’s Boston Field Office.

The FBI has released a cybersecurity advisory detailing the tactics, techniques, and procedures associated with 1VPNS, aimed at helping organizations identify and defend against ransomware attacks.

Treasury Cites Executive Orders

The designations were made under OFAC authorities pursuant to Executive Order 13694, as amended, along with President Donald Trump’s Executive Order 14390, signed in March 2026. According to the Treasury, this order directs U.S. government agencies to enhance protections against foreign actors involved in cybercrime, cyber-enabled fraud, extortion, and related criminal schemes targeting Americans.

What the Sanctions Mean

Under the new sanctions, all property and interests belonging to the designated individuals and entities within the United States or controlled by U.S. persons are blocked and must be reported to OFAC. The restrictions extend to entities owned 50% or more by designated persons. Unless authorized by OFAC, U.S. persons are generally prohibited from engaging in transactions involving blocked individuals or organizations.

The Treasury has warned that violations of U.S. sanctions may lead to civil or criminal penalties for both U.S. and foreign persons. Financial institutions and other organizations could face sanctions exposure if they engage in prohibited transactions involving designated entities.

These latest ransomware sanctions underscore ongoing efforts by U.S. authorities and international partners to target the infrastructure and services that enable ransomware operators, rather than focusing solely on the attackers themselves.

Source: thecyberexpress.com

Related

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

Russia’s FSB Blamed for Poland’s Grid Attack as UK and EU Launch Coordinated Cyber Sanctions

Russia's FSB Blamed for Poland's Grid Attack as UK and EU Launch Coordinated Cyber Sanctions A significant cyberattack last winter, which nearly disrupted heating for...

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale

Attackers Exploit Spoofed OAuth Client IDs to Stealthily Enumerate Credentials at Scale Recent investigations by cybersecurity researchers have unveiled a series of sophisticated campaigns where...

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive

AI Management Emerges as a Crucial Priority Over Development, Asserts UiPath Executive As organizations in the UAE and Saudi Arabia advance in their artificial intelligence...

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud

Digital Forensics Strengthens Case Against Jason Cunningham in £113,000 Property Investment Fraud A significant property investment fraud case in the United Kingdom has highlighted the...