US Sanctions FirstVPN and Ransomware Enablers Amid Rising Cybercrime Threats

US Sanctions FirstVPN and Ransomware Enablers Amid Rising Cybercrime Threats

First seen 13 Jul 2026, 19:28 UTC TradersunionTherecord.MediaTrmlabsThecyberexpressThehackernews+3 87% similarity 73.8

Article Content

Browse articles
ThreatCluster

On July 13, 2026, the U.S. Treasury's OFAC sanctioned FirstVPN, its administrator Dmytro Rashevskyi, and malware cryptor Yevgeniy Vladimirovich Silayev for facilitating ransomware attacks against U.S. entities. These sanctions target the infrastructure that supports ransomware operations, which have caused billions in losses. FirstVPN has been linked to numerous ransomware groups since 2014, promoting a no-logs policy and refusing law enforcement cooperation. The action aligns with a broader strategy to disrupt the cybercrime ecosystem and was coordinated with the UK. The sanctions block all property of the designated parties in the U.S., and any U.S. person is prohibited from transactions involving them. This follows a May 2026 takedown of 1VPNS's infrastructure by European law enforcement, supported by the FBI. The impact includes U.S. businesses, hospitals, and municipal governments affected by ransomware attacks using FirstVPN's services.

Key Points: • U.S. sanctions target FirstVPN, its administrator, and a malware cryptor for ransomware support. • The sanctions block all property of the designated parties in the U.S. and prohibit transactions. • The action is part of a coordinated effort with the UK to disrupt the cybercrime ecosystem.

ThreatCluster AI

Timeline

2026-05-01
1VPNS infrastructure takedown
European law enforcement, aided by the FBI, dismantled 1VPNS's operations, disrupting ransomware support.
Trmlabs
2026-07-13
U.S. sanctions announced
OFAC sanctioned FirstVPN, Dmytro Rashevskyi, and Yevgeniy Silayev for enabling ransomware attacks against U.S. entities.
Thecyberexpress
2026-07-14
Sanctions reported widely
Multiple news outlets reported on the U.S. sanctions against FirstVPN and its associates, highlighting the ongoing cybercrime threat.
Trmlabs

Community

Browse all →