The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and a VPN service provider for their involvement in supporting ransomware operations. These sanctions are part of a broader effort to curb cybercriminal activities targeting American entities.
The sanctioned VPN, known as First VPN Service (1VPNS), along with its Ukrainian administrator, Dmytro Rashevskyi, is accused of facilitating ransomware groups. Additionally, Belarusian national Yegeniy Vladimirovich Silayev has been penalized for selling cryptors that help mask malware as legitimate software, evading detection by security systems.
International Crackdown on Cybercrime
In May 2026, First VPN was dismantled during a collaborative law enforcement operation across Europe and North America. The service, operational since 2014, was notorious for claiming it did not log user activities or cooperate with legal investigations, thus enabling cybercriminals to obscure their malicious activities.
The Treasury Department reports that ransomware groups used First VPN to attack U.S. businesses, financial institutions, healthcare providers, and government entities, inflicting billions in damages. These groups exploited the VPN to conceal the origins of their operations, manage stolen data, and deploy malware.
European Sanctions on Russian Cyber Networks
Simultaneously, the U.K. and the E.U. have imposed sanctions on Russian cyber networks for their disruptive activities across Europe. These measures target 24 individuals and entities involved in cyber and hybrid operations linked to the Russian Intelligence Services, including the GRU.
Among those sanctioned are senior GRU officials Vyacheslav Stafeyev, Ivan Senin, and Ivan Kasyanenko. The sanctions also address actions by the Centre 16 of the Russian Federal Security Service (FSB), which has been involved in sabotage operations against Poland’s energy infrastructure.
Ongoing Cybersecurity Threats
The U.S. Federal Bureau of Investigation (FBI) has issued a warning regarding FSB Center 16’s exploitation of vulnerable networking devices globally. These cyber actors are known to scan for poorly configured routers and exploit them to access critical infrastructure networks.
Techniques employed include scanning for devices with Simple Network Management Protocol (SNMP) vulnerabilities and using known Cisco device vulnerabilities, such as CVE-2018-0171 and CVE-2008-4128. These actions underscore the need for robust cybersecurity measures and timely patching of vulnerable systems.
The international community’s coordinated response aims to hold accountable those responsible for malicious cyber activities. By imposing sanctions and highlighting these threats, authorities strive to enhance cybersecurity and deter future attacks.
