U.S. Sanctions VPN Provider Abetting Ransomware Gangs
The U.S. government has sanctioned **First VPN Service (1VPNS)** and its Ukrainian administrator for allegedly providing crucial infrastructure to ransomware groups. This move aims to disrupt the operational capabilities of cybercriminals by targeting the services that enable their anonymity and malicious activities.
The **U.S. Department of the Treasury** announced sanctions on Monday against a virtual private network (VPN) provider and its administrator, citing their role in facilitating ransomware attacks on critical American infrastructure.
**First VPN Service (1VPNS)** is accused of supplying ransomware gangs with tools to "hide their identities, disguise malicious software, and evade detection β enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers," according to a Treasury press release.
The administrator, **Dmytro Rashevskyi**, a Ukrainian national, reportedly used deceptive identities to acquire infrastructure from companies that would otherwise decline business due to a history of abuse complaints linked to 1VPNS servers.
### Targeting the Enablers of Cybercrime
In a related designation, **Yegeniy Vladimirovich Silayev**, a Belarusian national, was sanctioned for allegedly selling "cryptors." These tools are designed to make malware more difficult to detect and more effective by obscuring its true nature.
It's important to note that **Silayev** is not affiliated with **First VPN**.
Under these new sanctions, U.S. entities are prohibited from engaging in transactions with the designated individuals and the VPN service. Such sanctions typically carry significant reputational damage and often lead to a sharp decline in business operations.
### International Cooperation Against Cybercrime
This action follows a joint effort in May by European law enforcement agencies and the **FBI** to dismantle **First VPN**. Authorities stated that the service has a long history of being utilized by cybercriminals for various illicit activities, including fraud and ransomware attacks. The service has also been widely promoted on Russian cybercrime forums.
**Rashevskyi** marketed **First VPN** as a low-risk option, emphasizing its policy of not retaining user logs or cooperating with law enforcement investigations into illegal activities originating from its servers. This promise of anonymity made it attractive to malicious actors.
While VPNs are legitimate tools used by many for privacy and security, they can also be exploited for nefarious purposes. By targeting not only the ransomware operators themselves but also the service providers and tool suppliers that enable their attacks, the U.S. government and its partners aim to disrupt a broad spectrum of cybercriminal operations simultaneously.
The Treasury's press release did not specify which particular ransomware groups utilized **First VPN**, but it indicated that numerous groups purchased internet infrastructure from the service. **First VPN** has been active since 2014, also marketing its capabilities on dark web forums for supporting botnets and various scams, all while guaranteeing user anonymity.