US Sanctions First VPN in Crackdown on Ransomware Criminals

The US Treasury Department this week sanctioned First VPN Service, saying it allowed hackers to launch ransomware attacks against US companies and institutions.
The Office of Foreign Assets Control, an intelligence and enforcement agency within the Treasury Department, also imposed sanctions on First VPN administrator Dmytro Rashevskyi and Yegeniy Vladimirovich Silayev for selling tools used to hide ransomware and other malware. These tools — known as “cryptors” — prevent security systems from detecting or disabling them.
In May, European authorities dismantled First VPN, also known as 1VPNS, and arrested Rashevskyi, who is now based in Dnipro, Ukraine, to complete an investigation that began in 2021.
Europol, the EU’s law enforcement agency, said First VPN was well-publicized in Russian-language cybercrime forums as a service that offers anonymous payments, hidden infrastructure and services “designed specifically for criminal use.”
The agency also said the VPN service helped cybercriminals hide their identity while carrying out ransomware and data theft attacks, and that it appeared in “almost every major cybercrime investigation supported by Europol in recent years.”
Treasury Department representatives did not immediately respond to a request for comment.
What is ransomware?
Ransomware is malicious software that infiltrates a computer system and prevents a person or company from accessing files, systems or networks. The perpetrator will usually demand a ransom in order to regain access. It’s a big problem: One estimate puts the cost at $74 billion worldwide this year.
The FBI advises that people keep their apps and software updated, use anti-malware and antivirus programs and always back up data, among other tips. The FBI also does not recommend paying ransomware promoters.
Read more: The best VPNs of 2026
Under the sanctions issued this week, the Treasury Department will prohibit all transactions involving US persons involving assets of Rashevskyi or Silayev. The department also said that any of their property in the country or owned by anyone in the country must be reported to the department. Financial institutions and others are prohibited from “engaging in certain transactions or activities” involving Rashevskyi or Silayev.
“The main purpose of the sanctions is not to punish, but to bring about a positive change in behavior,” said the Ministry in a statement.
When used legally and ethically, a VPN it is an invaluable tool for consumers seeking online privacy. The most secure and efficient VPNs — CNET advises free use — will not log or record your data, meaning no one can see your online activity. VPNs also hide your location by using a unique IP address, making it look like you’re in a different country than the one you’re in. Many people use VPNs to watch geo-restricted online content from their actual country of residence.
But, as CNET’s Attila Tomaschek writes“Complete anonymity” is impossible, even with the best VPNs. They can help achieve some privacy, but so much of our data is accessible that a VPN can’t give you “an all-encompassing blanket of invisibility on the Internet,” he says.
Cybercrime forums and false identities
In a press release, the Ministry of Finance said that Rashevskyi and First VPN began advertising their services in 2014 on various cybercrime forums. The first VPN said it did not log users’ identities or activities and would refuse to cooperate with law enforcement investigations into any potential illegal activity from servers it leases to customers.
The agency also said that Rashevskyi used fake IDs so that companies could sell him infrastructure that they would not have sold if they knew who he really was. Internet service providers have complained about illegal activity from First VPN’s servers, the statement said.
Ransomware criminals have used the infrastructure found in First VPN to attack US businesses, financial services companies, hospitals and municipal governments, according to the Treasury Department.
Silayev, a Belarusian country, is given crucifixion again obfuscation resources to ransomware operators targeting US and allied organizations, the Treasury Department said. These cryptors make the malware look like harmless files, tricking the computer systems of companies and other institutions.


