Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Global Cybercrime Ecosystem: U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses




The U.S. Treasury's Office of Foreign Assets Control has sanctioned two individuals and one entity for supplying tools and infrastructure to ransomware groups that have caused billions of dollars in losses to American businesses and critical infrastructure providers. The sanctions targeted a VPN provider and a cryptor seller, who were accused of enabling ransomware gangs to carry out attacks on U.S. companies and institutions.

  • The U.S. Treasury's Office of Foreign Assets Control has sanctioned two entities, First VPN Service (1VPNS) and Yegeniy Vladimirovich Silayev, for enabling ransomware gangs that have caused billions of dollars in losses to American businesses.
  • The sanctions follow a May 2026 European law enforcement takedown of 1VPNS's website and servers by French and Dutch authorities, with support from the FBI's Boston Field Office.
  • The action is part of the Trump administration's efforts to harden U.S. financial and digital systems against foreign cybercrime, under Executive Order 14390 of March 6, 2026.
  • The sanctions freeze assets and bar transactions with the targeted entities and individuals, in an effort to disrupt the global cybercrime ecosystem.



  • The global cybercrime ecosystem has once again been targeted by law enforcement agencies, as the U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned a VPN provider and a cryptor seller for their role in enabling ransomware gangs that have caused billions of dollars in losses to American businesses and critical infrastructure providers.

    The sanctions were announced on July 13, 2026, and targeted First VPN Service (1VPNS), a virtual private network (VPN) provider whose principal clients include ransomware actors and other cybercriminals. The entity was also sanctioned for allegedly providing tools and infrastructure to ransomware groups that have been used in attacks on U.S. companies and institutions.

    The sanctions follow a May 2026 takedown of 1VPNS's website and servers by European law enforcement, with support from the FBI's Boston Field Office, as part of Operation Saffron led by French and Dutch authorities. The investigation had started in December 2021, with law enforcement infiltrating 1VPNS infrastructure and collecting its user database before dismantling it — 33 servers across 27 countries, and thousands of users exposed.

    The second designation targets Yegeniy Vladimirovich Silayev, a Belarusian national who sells cryptors: tools that disguise malware as harmless files to get past security software. Silayev supplied these obfuscation services to ransomware operators targeting U.S. and allied organizations. Treasury estimates the combined operations involving 1VPNS and Silayev's cryptors have caused billions in losses.

    The State Department framed the action explicitly as targeting the supply chain behind ransomware, not just the operators themselves. "These actors supplied ransomware groups with tools to hide their identities, disguise malicious software, and evade detection — enabling attacks that have caused billions of dollars in losses to U.S. critical infrastructure providers." reads the press release published by the U.S. State Department.

    "This action reflects the United States' commitment to working with allies and partners to disrupt the global cybercrime ecosystem. Today's designations are coordinated with the United Kingdom's Foreign, Commonwealth & Development Office, and follow a May 2026 European law enforcement takedown of 1VPNS's infrastructure, supported by the FBI."

    The sanctions were announced as part of the Trump administration's efforts to harden U.S. financial and digital systems against foreign cybercrime, under Executive Order 14390 of March 6, 2026. The action freezes any U.S.-jurisdiction assets of the named individuals and entities and bars U.S. persons and businesses from any transactions involving them.

    The global cybercrime ecosystem is a complex web of actors and organizations that work together to carry out malicious activities, including ransomware attacks. Ransomware gangs have become increasingly sophisticated in recent years, using AI-powered tools to build custom malware that can evade security systems.

    The U.S. Treasury's Office of Foreign Assets Control has taken steps in the past to disrupt these efforts, targeting individuals and entities involved in supplying tools and infrastructure to ransomware groups. However, the global cybercrime ecosystem is constantly evolving, with new actors and organizations emerging all the time.

    In this case, the sanctions targeted 1VPNS and Yegeniy Vladimirovich Silayev, a Belarusian national who sells cryptors: tools that disguise malware as harmless files to get past security software. The action reflects the United States' commitment to working with allies and partners to disrupt the global cybercrime ecosystem.

    The future of cybersecurity is uncertain, but one thing is clear: law enforcement agencies will continue to play a critical role in disrupting the activities of ransomware gangs and other malicious actors.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Global-Cybercrime-Ecosystem-US-Treasury-Sanctions-VPN-Provider-and-Cryptor-Seller-Behind-Billions-in-Ransomware-Losses-ehn.shtml

  • https://securityaffairs.com/195336/security/u-s-treasury-sanctions-vpn-provider-and-cryptor-seller-behind-billions-in-ransomware-losses.html


  • Published: Wed Jul 15 05:47:00 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us