
US Sanctions 1VPNS Administrator Rashevskyi for Ransomware Infrastructure Support
First US sanctions against a VPN administrator tied to ransomware groups target 1VPNS operator Dmytro Rashevskyi. Designations expand infrastructure disruption beyond operators to service providers. Global effects expected on anonymity services used by multiple gangs.
The designations mark the first direct US sanctions against a VPN operator explicitly tied to multiple ransomware campaigns. Rashevskyi procured servers under false identities after ISPs flagged abuse, while the service advertised non-cooperation with law enforcement on Russian forums. This extends the infrastructure disruption pattern seen in the May Europol-FBI takedown of the same provider.
Evidence from Treasury filings shows 1VPNS enabled botnet command channels and cryptor distribution alongside ransomware staging. Silayev's separate designation for cryptor sales highlights parallel targeting of malware tooling suppliers. Official statements omit named groups, but forum archives link the service to Conti and LockBit affiliates through shared infrastructure purchases.
Prior sanctions focused on operators and money mules; shifting to enablers like bulletproof VPNs and hosting creates upstream friction that raises operational costs across gangs. Cross-referenced procurement records show similar providers adjusting terms of service post-takedown, indicating market adaptation.
Next actions likely include secondary sanctions on upstream providers and renewed pressure on bulletproof hosting jurisdictions. Law enforcement access to seized logs could trigger follow-on designations within 60 days.
OFAC: Two additional no-log VPN providers receive designations within 90 days if seized 1VPNS logs surface in indictments.
Sources (2)
- [1]Primary Source(https://home.treasury.gov/news/press-releases/jy2843)
- [2]Supporting Source(https://www.europol.europa.eu/media-press/newsroom/news/vpn-service-used-by-ransomware-gangs-taken-down)