Treasury sanctions VPN service used by ransomware operators
First VPN Service and its Ukrainian administrator face U.S. sanctions for facilitating ransomware attacks; a Belarusian cryptor developer also designated.
The U.S. Treasury Department has imposed sanctions on First VPN Service (1VPNS) and its Ukrainian administrator for providing infrastructure that enabled ransomware groups to operate. The action marks a targeted effort to disrupt the commercial services that underpin cybercriminal operations.
The service allowed ransomware actors to mask their locations and evade law enforcement while conducting attacks against U.S. and allied targets. Treasury's Office of Foreign Assets Control (OFAC) designated both the VPN provider and the individual running it, effectively cutting off their access to the U.S. financial system and prohibiting American entities from doing business with them.
In a parallel action, Treasury sanctioned a Belarusian national for developing malware "cryptors" — tools that obfuscate malicious code to evade detection by antivirus software. These cryptors are sold to ransomware operators and other cybercriminals, enabling them to deploy their payloads without triggering security defenses.
- 01Ransomware groups must find alternative VPN providers, increasing operational risk and cost
- 02VPN services catering to criminal clientele face heightened sanctions risk and banking exclusion
- 03Cryptor developers in Eastern Europe now operate under expanded U.S. enforcement scrutiny
- 04Organizations should audit vendor relationships for sanctions exposure in cybersecurity supply chains
Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.