The U.S. government on Monday sanctioned a VPN provider and its Ukrainian administrator for abetting ransomware gangs behind attacks on American municipalities, hospitals, schools and businesses.
First VPN Service (1VPNS) provided ransomware groups with tools to “hide their identities, disguise malicious software, and evade detection — enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers,” according to a Treasury Department press release.
The administrator, Dmytro Rashevskyi, used fake identities “to buy infrastructure from companies that might otherwise refuse to do business with him because of complaints of abuse from internet service providers about illegal activity originating from 1VPNS servers,” the Treasury said.
A second man, Belarusian national Yegeniy Vladimirovich Silayev, was designated for allegedly selling “cryptors,” or methods used to make malware harder to detect and more effective by cloaking it as harmless files.
Silayev is not affiliated with First VPN.
Under the sanctions, no one in the U.S. can complete transactions with the designees. Sanctions are also considered a reputational blow that often leads to a downturn in business revenues.
In May, European law enforcement agencies and the FBI took down First VPN, saying the service has historically been used by cybercriminals to hide fraud, ransomware attacks and other illegal activity. The service has long been promoted on Russian cybercrime forums.
Rashevskyi marketed First VPN as low-risk because “it does not keep logs of users’ identities or activities, and that it refuses to cooperate with law enforcement investigations into illegal activity originating from the servers it rents to customers,” according to the Treasury.
VPNs, which encrypt internet traffic, are used by many people for privacy and security reasons, but also can be exploited for malicious activity.
By targeting not just ransomware operators but the service providers and tool suppliers who make their attacks possible, the U.S. and its partners are disrupting operations for a large number of gangs at once, according to the Treasury.
The press release did not specify which ransomware groups used First VPN, but said many bought internet infrastructure from the service.
First VPN has operated since 2014 and is also marketed on dark web forums for its ability to support botnets and scammers of all stripes, all while promising customers anonymity.
Recorded Future
Intelligence Cloud.
Click Here For The Original Source.
