By SCM / Tech Correspondent
WASHINGTON, D.C. — In a coordinated clampdown aimed at choking off the foundational logistics of global cybercrime, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sweeping sanctions against two individuals and one specialized entity accused of acting as key enablers for ransomware syndicates and other malicious cybercriminals.
According to federal authorities, the blacklisted actors did not necessarily deploy malware themselves. Instead, they provided the critical, “bulletproof” technical infrastructure, virtual private networks (VPNs), and software obfuscation tools that allowed elite threat actors to infiltrate networks undetected. Ransomware groups utilizing these specialized services have caused billions of dollars in losses to U.S. businesses, municipal governments, and critical infrastructure providers.
The enforcement action marks an aggressive shift in Washington’s counter-cybercrime strategy, pivoting away from chasing isolated hackers to methodically dismantling the illicit commercial ecosystem that keeps ransomware operations highly profitable.
The specific targets named in the Treasury’s enforcement action represent the hidden supply chain of the digital underworld. Treasury officials designated First VPN Service (1VPNS), a prominent virtual private network provider operating within the criminal underground, alongside its primary administrator, Dmytro Rashevskyi. 1VPNS allegedly marketed its secure routing services directly to ransomware syndicates, allowing attackers to obscure their physical locations while exfiltrating sensitive corporate data.
In tandem, OFAC designated Yevgeniy Vladimirovich Silayev, an underground developer specializing in the commercial sale of “cryptors.” In the cybercrime landscape, cryptors are highly sophisticated software utilities used by hackers to alter the underlying code of a piece of malware or ransomware.
By systematically masking the digital signature of the virus, a cryptor allows the malicious software to bypass enterprise-grade security systems, firewalls, and antivirus detection engines.
”We are systematically targeting the actors who enable ransomware attacks against Americans and our critical infrastructure,” said Gene Lange, performing the duties of the Under Secretary for Terrorism and Financial Intelligence.
“Treasury is using every available tool to disrupt the broader cybercriminal ecosystem.”
The enforcement action reflects a deeply integrated, multi-jurisdictional offensive. The economic blockades were closely coordinated with the United Kingdom’s Foreign, Commonwealth & Development Office (FCDO), which concurrently leveled parallel sanctions against a broader network of European and Eurasian cybercriminals and financial conduits.
Furthermore, the public financial sanctions follow an extensive, multi-month covert operation. In May, European law enforcement authorities, heavily backed by the Federal Bureau of Investigation’s (FBI) Boston Field Office, successfully seized the primary server infrastructure and domain registry of 1VPNS, knocking the provider offline.
To help private organizations protect their digital perimeters, the FBI, alongside the Cybersecurity and Infrastructure Security Agency (CISA), has published a detailed cybersecurity advisory mapping out the exact technical tactics, techniques, and procedures (TTPs) previously favored by the sanctioned network.
The operational impact of an OFAC designation is absolute. As a result of the Treasury’s mandate, all property, digital assets, and interests in property belonging to 1VPNS, Rashevskyi, and Silayev that fall within U.S. jurisdiction—or are held by U.S. persons—are immediately frozen and must be reported directly to federal authorities.
Asset Freezing: Immediate freeze on all funds, crypto-wallets, and property tied to the designated entities.
Strict Transaction Ban: Complete prohibition on U.S. citizens, financial institutions, and insurance firms transacting with the targets.
Strict Liability Risk: Companies paying ransoms that route through these enablers face civil and criminal penalties, even without prior knowledge.
For corporate entities, tech enterprises, and insurance firms, the announcement serves as a stark warning. OFAC operates on a “strict liability” framework regarding sanctions compliance.
If an American business suffers a ransomware attack and subsequently attempts to pay an extortion demand, it risks severe federal penalties if the underlying financial routing interacts with a blacklisted entity or its associated digital wallets.
As the volume of multi-million dollar corporate extortions continues to rise, global law enforcement is making it clear: those who build the armor for cybercriminals will be locked out of the legitimate financial world entirely.

