The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has officially sanctioned two individuals and one entity for their roles in enabling destructive ransomware attacks against American organizations. The federal action specifically targets First VPN Service, commonly known as 1VPNS, alongside its administrator, Dmytro Rashevskyi, for actively catering to cybercriminals. This administrative crackdown marks a significant step in disrupting the specialized digital infrastructure that shields malicious actors from tracking and accountability.
Operating since 2014, 1VPNS built its entire business model on cybercriminal forums by explicitly promising absolute anonymity, zero logs, and total non-cooperation with global law enforcement agencies. To keep the operation running, Rashevskyi allegedly utilized a network of stolen and false identities, such as "Maksim Sorin" and "Roman Chabanenko," to purchase critical hosting infrastructure. This deception allowed the service to bypass the abuse filters of legitimate technology companies that would have otherwise denied them service due to frequent misconduct complaints.
These financial sanctions follow on the heels of a massive international law enforcement sweep in May that successfully dismantled the provider's website and core server network. Dubbed "Operation Saffron," the takedown was spearheaded by French and Dutch authorities, with pivotal operational support provided by the FBI's Boston Field Office. The coordinated strike effectively crippled the operational capacity of the service, transitioning the fight from the digital realm into the financial sector.
The breakthrough against the illicit network was the culmination of a multi-year investigation that initially began in December 2021. Law enforcement officers successfully infiltrated the VPN’s private infrastructure months before the final takedown, quietly gathering the platform's entire user database. This covert access allowed investigators to map out the entire criminal ecosystem relying on the network before pulling the plug on its operations.
Ultimately, the joint international operation resulted in the seizure of 33 servers spanning 27 different countries and led to the direct arrest of its administrator. According to Europol, the impact of the raid is monumental, as the 1VPNS name had consistently surfaced in almost every major cybercrime investigation across Europe, effectively unmasking thousands of ransomware operators and fraudsters worldwide.
Source: https://home.treasury.gov/news/press-releases/sb0559


