The U.S. Treasury Department has announced new ransomware sanctions against a virtual private network (VPN) provider, its administrator, and a malware service provider accused of enabling ransomware attacks targeting Americans. The Office of Foreign Assets Control (OFAC) said the designated individuals and entity allegedly supplied infrastructure and tools used by cybercriminals to carry out attacks against U.S. businesses, hospitals, financial institutions, and critical infrastructure.
The action, coordinated with the United Kingdom, is part of broader efforts to disrupt the cybercrime ecosystem supporting ransomware operations. The Treasury said the targeted services have contributed to attacks that resulted in billions of dollars in losses across the United States.
OFAC Targets 1VPNS and Its Administrator
At the center of the ransomware sanctions is 1VPNS, a VPN provider that OFAC described as a key infrastructure supplier for ransomware operators and other cybercriminals. The Treasury also designated Dmytro Rashevskyi, the administrator of 1VPNS, for allegedly providing technological support to cyber-enabled criminal activity.
According to OFAC, VPN services have legitimate privacy and security uses but can also be misused to conceal the origin of cyberattacks, deploy malware, and manage stolen data.
The Treasury said ransomware groups used 1VPNS infrastructure during attacks against U.S. companies and institutions, including financial services firms, hospitals, municipal governments, and other organizations.
Authorities also alleged that since 2014, 1VPNS advertised its services on cybercriminal forums while claiming it did not retain user logs or cooperate with law enforcement investigations involving illegal activities conducted through its servers.
OFAC further stated that Rashevskyi used false identities, including “Maksim Sorin” and “Roman Chabanenko,” to purchase infrastructure from providers that may have otherwise declined business because of abuse complaints linked to 1VPNS servers.
Malware Provider Also Added to Ransomware Sanctions List
The Treasury also imposed sanctions on Yegeniy Vladimirovich Silayev, a Belarusian national accused of supplying cryptors to ransomware operators.
According to OFAC, cryptors are designed to disguise malware as legitimate files, making malicious software more difficult for security products to detect or remove. Unlike traditional encryption technologies that protect user data, cryptors are intended to improve the effectiveness and stealth of malware used in cyberattacks.
The Treasury alleged that Silayev provided encryption and obfuscation services to ransomware groups targeting organizations in the United States and allied countries.
International Action Against Cybercrime Infrastructure
The sanctions were announced in coordination with the United Kingdom’s Foreign, Commonwealth & Development Office, which also imposed sanctions against cybercriminals and individuals accused of enabling cybercrime.
The announcement follows a May 2026 operation by European law enforcement authorities that dismantled 1VPNS’s website and supporting infrastructure with assistance from the FBI’s Boston Field Office.
The FBI has also released a cybersecurity advisory detailing the tactics, techniques, and procedures associated with 1VPNS to help organizations identify and defend against ransomware attacks.
Treasury Cites Executive Orders
The designations were issued under OFAC authorities pursuant to Executive Order 13694, as amended, along with President Donald Trump’s Executive Order 14390, signed in March 2026.
According to the Treasury, the order directs U.S. government agencies to strengthen protections against foreign actors involved in cybercrime, cyber-enabled fraud, extortion, and related criminal schemes targeting Americans.
What the Sanctions Mean
Under the sanctions, all property and interests belonging to the designated individuals and entity that are within the United States or controlled by U.S. persons are blocked and must be reported to OFAC.
The restrictions also extend to entities owned 50% or more by designated persons. Unless authorized by OFAC, U.S. persons are generally prohibited from engaging in transactions involving blocked individuals or organizations.
The Treasury said violations of U.S. sanctions may result in civil or criminal penalties for both U.S. and foreign persons. It also warned that financial institutions and other organizations could face sanctions exposure if they engage in prohibited transactions involving designated entities.
The latest ransomware sanctions reflect continuing efforts by U.S. authorities and international partners to target the infrastructure and services that enable ransomware operators rather than focusing solely on the attackers themselves.
Related
Click Here For The Original Source.
