U.S. Sanctions First VPN Service for Allegedly Supporting Global Ransomware Gangs

Kinyua Njeri (Sam Kin)  - Tech Expert
Last updated: July 15, 2026
Share
US Sanctions First VPN Service for Allegedly Supporting Global Ransomware Gangs
  • The U.S. Treasury Department sanctioned First VPN Service and its administrator, Dmytro Rashevskyi, for supporting global ransomware operations.
  • A second individual, Yegeniy Vladimirovich Silayev, also faced penalties for creating and selling advanced malware-cloaking programs.
  • European police and the FBI previously shut down the service's physical infrastructure during a coordinated strike in May 2026.

A major digital defense move occurred as national administrators placed heavy financial blockades on a private internet shielding service. This decisive action aims to cripple the digital infrastructure that rogue extortion groups use to raid local communities. The targeted organization functioned as a specialized highway that helped international network intruders conceal their physical locations.

Furthermore, global policing agencies completed a physical seizure of the firm’s central database assets earlier this spring. The state treasury department coordinated these economic actions alongside international allies to protect local public services from ongoing disruption. Since these technical suppliers play a massive role in global cybercrime, safety leaders are shifting their main focus toward them.

Therefore, these fresh blockades will prevent any local business or individual from transferring funds to the accused service operators. The coordinated global crackdown represents a massive effort to protect emergency healthcare networks and school operations from costly outages.

Indeed, this legal step marks a major change in how international coalitions fight digital extortion operations. Thus, government officials want to make the virtual world much safer for everyday users and local businesses alike.

How a specialized internet shielding platform helped global cyber criminals evade tracking teams

The targeted entity operated under the market title of First VPN Service, which many web communities also call 1VPNS. Historically, this organization sold private internet paths that allowed clients to hide their web traffic and disguise their real computers. While normal citizens use these services to protect their personal privacy, bad actors utilize them to launch highly dangerous raids. The exploitation of VPN infrastructure has become a primary tactic for ransomware groups, experts warn.

Specifically, the firm catered heavily to underground extortion networks that lock computer systems to demand massive payouts. The digital provider operated openly on the message boards of the dark web from the time of their launch in 2014, promising customers total confidentiality. Moreover, the people behind the service boasted about their policy of not storing their clients’ data or working with authorities.

Numerous malicious teams purchased these private paths to safely run automated hacking networks and steal private files. To achieve global coverage, the company was very active in targeting people around the world. The digital operation of the service has resulted in damages worth billions of dollars, according to the U.S. Department of the Treasury.

The business operated as a massive digital shelter for internet outlaws who wanted to raid public targets without leaving footprints. As a result, regular customers faced severe risks of identity theft whenever they accessed unsecure public connection nodes.

The true identities of the advanced tech operators behind the illicit network systems

Government investigators identified the master organizer of the private routing firm as Dmytro Rashevskyi, a resident of Ukraine. To keep his business alive, this manager used fake names to purchase server space from legitimate hosting companies. However, many legal web companies would have blocked his requests if they knew his true background and illegal intentions.

Subsequently, internet service providers regularly sent complaints about the bad traffic coming directly from his specialized servers. Aside from this manager, officials also penalized a second individual named Yegeniy Vladimirovich Silayev, who originates from Belarus. This second software programmer specialized in constructing highly advanced digital cloaking tools that experts call cryptors.

He designed these programs specifically to wrap malicious software files in a harmless-looking digital shell. Consequently, traditional security scanners could not detect the hidden infection when users downloaded files onto their office computers.

Moreover, these designations make it illegal for any local financial entity to process payments for these targeted individuals. Indeed, this financial ban cuts off the critical revenue streams that these developers need to expand their operations.

Why targeting backend infrastructure suppliers is the best way to stop global intruders

For many years, police forces spent most of their time chasing individual hacking groups across the digital landscape; however, this old strategy felt like a game of whack-a-mole because new groups emerged every single month. By shifting their focus to the core tools and pathways, authorities can now disable multiple criminal teams at once.

Additionally, the loss of advanced cloaking tools means that standard computer defenses can easily block their malware files. These combined international penalties cause major damage to the overall reputation and earnings of these bad actors. In the long run, underground operators will find it much more expensive and difficult to run their operations.

However, local organizations must continue to update their internal defenses and train employees to spot suspicious files. Since digital thieves constantly adapt, the overall struggle to protect public networks remains a continuous global mission.

Also, removing these backend support services remains the most effective way to keep local public systems running safely. Thus, constant cooperation between governments and local businesses is vital to maintain a secure and reliable online landscape.

Share this article

About the Author

Kinyua Njeri is a journalist, blogger, and freelance writer. He’s a technology geek but mainly an internet privacy and freedom advocate. He has an unquenchable nose for news and loves sharing useful information with his readers. When not writing, Kinyua plays and coaches handball. He loves his pets!

More from Kinyua Njeri (Sam Kin)

Comments

No comments.