OFAC hit First VPN Services and two individuals with sanctions Monday, closing the loop on a case I’ve been tracking since Europol’s May sting on the same outfit.
The Treasury designation names 1VPNS, its Ukrainian administrator Dmytro Rashevskyi, and Belarusian national Yegeniy Vladimirovich Silayev. Silayev’s angle was different: selling “cryptors,” tools that repackage ransomware to look like harmless files. OFAC’s language draws a sharp line here: legitimate encryption protects data, cryptors exist to defeat detection.
Victims tied to 1VPNS infrastructure include U.S. hospitals, financial services firms, and municipal governments, per Treasury. TRM Labs found the service pricing ransomware access as low as $723 for the Anubis group and $58 for Sinobi, small subscription fees that nonetheless left an on-chain trail.
This one’s the enforcement half of a two-step play. Europol’s May operation already seized 1VPNS servers and arrested an administrator in Ukraine; OFAC didn’t confirm Monday whether Rashevskyi is that same person. It freezes any U.S.-touching assets and criminalizes dealings with 1VPNS for anyone in the financial system, well after the servers are already dark.
Worth watching whether Treasury names the arrested administrator explicitly in a follow-up filing.
— Rebecca Lauren