US Sanctions VPN Provider 1VPNS Over Alleged Role in Supporting Hospital Ransomware Attacks
- U.S. Treasury sanctions VPN provider: OFAC sanctioned 1VPNS, its administrator, and a malware tool seller over ransomware support.
- Hospital ransomware links: Treasury said ransomware groups using 1VPNS infrastructure targeted hospitals, financial firms, and municipalities.
- No action for most VPN users: The sanctions apply only to designated entities, not legitimate VPN services or users.
The U.S. Department of the Treasury has imposed sanctions on a VPN provider and two individuals accused of supplying services and tools used by ransomware groups responsible for cyberattacks against hospitals, financial institutions, and local governments.
The sanctions were announced on July 13 by the Treasury's Office of Foreign Assets Control (OFAC) and are part of a broader effort to disrupt the infrastructure that cybercriminals rely on to launch ransomware campaigns.
Treasury Targets VPN Provider and Two Individuals
According to the official Treasury announcement, OFAC designated First VPN Service, also known as 1VPNS, along with its administrator, Dmytro Rashevskyi.
The agency also sanctioned Yegeniy Vladimirovich Silayev, a Belarusian national accused of selling "cryptors" - software designed to hide malicious code from antivirus and other security tools, making malware more difficult to detect.
Treasury officials said ransomware groups that used 1VPNS's infrastructure have targeted a range of organizations, including U.S. hospitals. The department noted that ransomware attacks against businesses and operators of critical infrastructure have resulted in billions of dollars in financial losses.
In a statement, Gene Lange, performing the duties of Under Secretary for Terrorism and Financial Intelligence, said the Treasury is using available authorities to disrupt the cybercrime ecosystem and protect Americans.
Action Follows International Law Enforcement Operation
The sanctions come after European law enforcement agencies dismantled 1VPNS's website and infrastructure in May 2026. The operation was supported by the FBI Boston Field Office and coordinated with authorities in the United Kingdom, whose Foreign, Commonwealth & Development Office announced related sanctions on the same day.
Treasury said the designations were issued under President Donald Trump's March 6 executive order aimed at combating cybercrime and cyber-enabled fraud targeting Americans.
As a result of the sanctions, any property or interests belonging to the designated individuals or entity that fall under U.S. jurisdiction are blocked. U.S. persons are also prohibited from engaging in transactions involving the sanctioned parties.
What This Means for VPN Users
The U.S. Treasury sanctions on VPN provider are directed specifically at 1VPNS and the named individuals. They do not apply to legitimate VPN services or indicate that VPN technology itself is associated with criminal activity.
For privacy-conscious users, the announcement highlights the importance of choosing reputable VPN providers with transparent ownership, independent security audits, and a demonstrated commitment to lawful operations.
No action is required for users of legitimate VPN services unless they have a relationship with the sanctioned provider.
The information in this report is verified through the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), which issued the official sanctions announcement.










