ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME17:59:44 UTC
← All briefs
HIGHCyber IntelligenceTuesday, July 14, 2026

Treasury sanctions VPN service used by ransomware operators

First VPN Service and its Ukrainian administrator face U.S. sanctions for facilitating ransomware attacks; a Belarusian cryptor developer also designated.

The U.S. Treasury Department has imposed sanctions on First VPN Service (1VPNS) and its Ukrainian administrator for providing infrastructure that enabled ransomware groups to operate. The action marks a targeted effort to disrupt the commercial services that underpin cybercriminal operations.

The service allowed ransomware actors to mask their locations and evade law enforcement while conducting attacks against U.S. and allied targets. Treasury's Office of Foreign Assets Control (OFAC) designated both the VPN provider and the individual running it, effectively cutting off their access to the U.S. financial system and prohibiting American entities from doing business with them.

In a parallel action, Treasury sanctioned a Belarusian national for developing malware "cryptors" — tools that obfuscate malicious code to evade detection by antivirus software. These cryptors are sold to ransomware operators and other cybercriminals, enabling them to deploy their payloads without triggering security defenses.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Ransomware groups must find alternative VPN providers, increasing operational risk and cost
  • 02VPN services catering to criminal clientele face heightened sanctions risk and banking exclusion
  • 03Cryptor developers in Eastern Europe now operate under expanded U.S. enforcement scrutiny
  • 04Organizations should audit vendor relationships for sanctions exposure in cybersecurity supply chains
Source
The Record
https://therecord.media/first-vpn-administrator-us-sanctions-ransomware-groups
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#sanctions#ransomware#vpn#ofac#malware#treasury
Related Briefs