U.S. Sanctions VPN Provider and Tool Sellers Enabling Ransomware Against Americans
The U.S. Treasury Department has sanctioned two individuals and one VPN provider for enabling ransomware attacks against American organizations, marking a significant step in disrupting the cybercriminal supply chain.

Cracking Down on the Enablers of Digital Extortion
The U.S. government has finally drawn a line in the sand for the shadowy middlemen fueling the ransomware epidemic. In a decisive move to protect American interests, the Office of Foreign Assets Control (OFAC) has sanctioned two individuals and one entity specifically for providing the critical infrastructure and tools that allow cybercriminals to strike U.S. organizations.
This isn't just about catching the hackers holding the keys to locked data; it's about dismantling the supply chain that makes those attacks possible. By targeting the service providers who sell anonymity and the software developers who disguise malicious code, the Treasury Department aims to choke off the resources that have led to billions of dollars in losses for American businesses and critical infrastructure.
The Target: First VPN Service and Dmytro Rashevskyi
At the heart of this enforcement action is First VPN Service (1VPNS), a virtual private network provider that explicitly marketed its services to ransomware groups. These groups rely on such tools to hide their location and evade detection while they execute their attacks. The designation targets not just the company, but also its administrator, Dmytro Rashevskyi, holding him personally accountable for the entity's operations.
OFAC determined that 1VPNS and Rashevskyi materially assisted cyber-enabled activities under Executive Order 13694. The specific violations include providing technological support and services to actors located outside the United States who are reasonably likely to threaten U.S. national security and economic stability. The sanctions effectively freeze any assets these entities hold within the U.S. financial system and prohibit Americans from doing business with them.
- Entity Designated: First VPN Service (1VPNS), a provider selling anonymity to ransomware actors.
- Individual Designated: Dmytro Rashevskyi, the administrator of the VPN service.
- Legal Basis: Executive Order 13694, as amended, targeting malicious cyber activity.
- Impact: Removal of a key infrastructure layer used to mask ransomware operations.
The Toolmaker: Yegeniy Silayev and the "Cryptor" Trade
While the VPN service provided the mask, another sanctioned individual provided the weapon itself in a disguised form. Yegeniy Vladimirovich Silayev has been designated for selling "cryptors," specialized tools designed to pack ransomware and other malware into files that appear safe to the naked eye and to security systems.
These cryptors are a critical component in the ransomware lifecycle, allowing attackers to bypass firewalls and antivirus software that would otherwise detect and neutralize the threat. By disguising the malicious code, Silayev's tools directly enabled the confidentiality, integrity, and availability of data to be compromised. His actions fit the definition of materially assisting ransomware attacks, which often involve extortion through malicious encryption or data theft.
- Individual Designated: Yegeniy Vladimirovich Silayev.
- Criminal Activity: Selling "cryptors" to disguise malware as safe programs.
- Consequence: Enabled the successful deployment of attacks by evading security detection.
- Scope: Support for ransomware groups targeting Americans and critical infrastructure.

Why Targeting the Supply Chain Matters
The strategic shift here is significant. For years, law enforcement focused primarily on the ransomware gangs themselves, but these operators are often fragmented and difficult to reach. By sanctioning the vendors who sell the tools and infrastructure, the U.S. Treasury is attacking the ecosystem that sustains these criminal enterprises. Without reliable VPN services to hide their tracks and cryptors to bypass defenses, the cost and difficulty of launching successful attacks increase dramatically.
OFAC emphasized that the ultimate goal of these sanctions is not merely punitive but behavioral. The administration seeks to deter future support for cyber-enabled malign activities by making it clear that any entity or individual providing material support to ransomware actors faces severe financial and legal consequences. This approach signals that the U.S. will no longer tolerate a "safe harbor" for those who facilitate digital extortion.
Key Takeaways for the Cybersecurity Landscape
This latest round of designations underscores a broader trend in the fight against cybercrime: isolation of the support network. The sanctions serve as a stark warning to global service providers and software developers. If your tools or services are being used to facilitate ransomware attacks against U.S. persons or infrastructure, you are a target. The list of designated actors is growing, and the net is tightening around the entire supply chain of cyber threats.
- Disruption: Cuts off access to U.S. financial systems for sanctioned actors.
- Deterrence: Warns other vendors against selling services to ransomware groups.
- Protection: Aims to reduce the frequency and success rate of attacks on U.S. entities.
- Accountability: Holds both corporate entities and individual operators personally liable.
As the digital battlefield evolves, the U.S. government's strategy is becoming increasingly sophisticated. By sanctioning the First VPN Service, Dmytro Rashevskyi, and Yegeniy Silayev, officials are sending a clear message that enabling ransomware is no longer a low-risk business opportunity. It is a direct threat to national security with immediate and tangible repercussions.
Frequently Asked Questions

