US Sanctions VPN and Malware Providers Over Ransomware Support

www.news4hackers.com-us-sanctions-vpn-and-malware-providers-over-ransomware-support-us-sanctions-vpn-and-malware-providers-over-ransomware-support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed restrictions on two individuals and one organization for facilitating ransomware campaigns targeting American entities.

Sanctions on 1VPNS and Dmytro Rashevskyi

The measures targeted First VPN Service (1VPNS), a virtual private network provider, and its administrator, Dmytro Rashevskyi. Since its emergence in 2014, 1VPNS promoted itself as a service that does not retain user activity records or identities and refuses to collaborate with law enforcement. Rashevskyi allegedly utilized fictitious aliases, including “Maksim Sorin” and “Roman Chabanenko,” to obtain resources from vendors that would have otherwise denied service due to prior abuse complaints.

1VPNS’s Alleged Activities and Rashevskyi’s Role

The sanctions follow a coordinated international operation in May, when European authorities, supported by the FBI’s Boston Field Office, dismantled 1VPNS’s online presence under “Operation Saffron,” a joint initiative led by French and Dutch agencies. The investigation, which began in December 2021, involved law enforcement infiltrating the VPN’s systems and acquiring its user database prior to its shutdown.

Operation Saffron: Dismantling 1VPNS’s Infrastructure

During the operation, authorities seized 33 servers associated with 1VPNS across 27 nations, detained the administrator, and identified thousands of users connected to ransomware, fraud, and other illicit activities globally. Europol noted that 1VPNS’s name appeared in nearly all major cybercrime investigations it supported.

Operation Saffron’s Impact and Server Seizures

Organizations affected by ransomware attacks utilizing 1VPNS infrastructure included U.S.-based enterprises, healthcare providers, financial institutions, and local government entities. This week, OFAC also penalized Belarusian national Yegeniy Vladimirovich Silayev, who distributed cryptors—tools designed to bypass security software and conceal malicious payloads.

Impact on U.S. Entities and Penalties on Yegeniy Vladimirovich Silayev

Officials estimate that ransomware operations leveraging 1VPNS and Silayev’s tools have resulted in billions of dollars in damages to U.S. businesses and critical infrastructure.

Quotes from U.S. Officials on Cybercrime Disruption

“Actors supplying ransomware groups with methods to obscure their identities, mask malicious software, and evade detection have enabled attacks causing billions in losses to U.S. critical infrastructure,” stated a State Department representative, Thomas Pigott. “Targeting service providers and tool developers, alongside direct ransomware operators, reflects a strategy to dismantle the networks sustaining global cybercrime.”

International Collaboration and Sanctions Details

OFAC’s actions align with the United Kingdom’s Foreign, Commonwealth & Development Office. The sanctions block all assets of the designated parties within U.S. jurisdiction and prohibit transactions involving them. Concurrently, the European Union and United Kingdom imposed penalties on multiple Russian individuals and entities, alleging their role in orchestrating hacking groups responsible for cyberattacks across Europe.

The Interconnected Nature of Ransomware Ecosystems

The Treasury Department’s measures underscore ongoing efforts to disrupt infrastructure supporting cybercriminal activities. The case highlights the interconnected nature of ransomware ecosystems, where anonymization services and obfuscation tools play critical roles in enabling large-scale attacks.


Blog Image

About Author

en_USEnglish