Back to Industry

Industry - Data Breach

moderateAnti-PrivacyData Breach

Executive Summary

The U.S. Treasury sanctioned VPN provider First VPN Service and its Ukrainian administrator for enabling ransomware groups to hide their identities and evade detection while attacking American hospitals, schools, and businesses. The service, which operated since 2014 and promised not to keep user logs or cooperate with law enforcement, was previously shut down by European and U.S. authorities in May. While VPNs are commonly used for legitimate privacy purposes, this case highlights how the sa...

What Happened

On July 13, 2026, the U.S. Treasury Department sanctioned First VPN Service (1VPNS) and its Ukrainian administrator Dmytro Rashevskyi for facilitating ransomware attacks on American critical infrastructure including hospitals, schools, municipalities, and businesses. The service, which operated since 2014 and marketed itself as log-free and unwilling to cooperate with law enforcement, was previously shut down by European and FBI authorities in May 2026. Rashevskyi allegedly used fake identities to purchase server infrastructure from companies that would have otherwise refused service due to abuse complaints.

Who Is Affected

American hospitals, schools, municipalities, businesses, and critical infrastructure providers who were targeted by ransomware groups using First VPN to disguise their attacks have suffered billions of dollars in losses. The sanctions directly impact Rashevskyi and anyone in the U.S. who would conduct transactions with the designated entities. Legitimate VPN users may face increased scrutiny as regulators target privacy tools exploited for criminal purposes.

Why It Matters

This action represents a shift in enforcement strategy where authorities target infrastructure providers and tool suppliers rather than solely pursuing individual ransomware operators, potentially disrupting operations for multiple criminal groups simultaneously. The case demonstrates how privacy-preserving services marketed with promises of anonymity and non-cooperation with law enforcement can become essential infrastructure for organized cybercrime. The dual-use nature of VPN technology creates tension between legitimate privacy needs and criminal exploitation that regulatory bodies are now actively addressing through financial sanctions.

What You Should Do

If you use VPN services, verify that your provider has transparent ownership, operates in jurisdictions with clear legal frameworks, and maintains legitimate business practices rather than marketing non-cooperation with law enforcement. Organizations should review their cybersecurity defenses and incident response plans, particularly if they operate critical infrastructure that ransomware groups typically target. Individuals and businesses affected by ransomware attacks should report incidents to the FBI's Internet Crime Complaint Center (IC3) and maintain regular offline backups of critical data.

Summary generated from verified sources and reviewed before publication. How we summarize.

The U.S. Treasury sanctioned VPN provider First VPN Service and its Ukrainian... - Industry | PrivacyWire