Americans lost more than $20 billion to cybercrime last year, filed more than a million complaints, and saw losses jump 26 percent in a single year. For years, the federal government let that number climb. Under President Trump, the FBI is finally doing something about it.
Today, the FBI is announcing Operation Riptide, an ongoing, coordinated law enforcement campaign targeting cybercriminal actors and the key services they rely on—their infrastructure, their tools and services, their communications platforms, and their money. Operation Riptide is… pic.twitter.com/ixTp8xMePn
— FBI Cyber Division (@FBICyberDiv) June 9, 2026
Today, the FBI is announcing Operation Riptide, an ongoing, coordinated law enforcement campaign targeting cybercriminal actors and the key services they rely on—their infrastructure, their tools and services, their communications platforms, and their money. Operation Riptide is a collective effort that implements the priorities set out in Executive Order 14390 and the National Cyber Strategy.
In recent weeks, the FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, and dismantling criminal infrastructure.
This marks the beginning of a focused, sustained 60-day national effort. Cybercrime carries real-world consequences, and the FBI remains committed to disrupting malicious cyber activity and holding cybercriminals accountable.
The bureau launched Operation Riptide on Tuesday, a sustained nationwide campaign targeting not just the hackers pulling off attacks but the criminal support system keeping them in business: the VPNs, the forums, the payment networks, the servers. Knock out enough of that infrastructure, and the math changes for everyone depending on it. Trump's cyber strategy and Executive Order 14390 set the directive, and all 56 FBI field offices, along with law enforcement attachés worldwide, are now running with it.
The first target to fall was First VPN Service, a company that built its business around criminals and dressed it up as a privacy tool. Since around 2014, First VPN quietly routed internet traffic through servers in roughly 27 countries, including three inside the United States in California, Florida, and New York, while advertising almost exclusively on Russian-language criminal dark web forums where hackers buy and sell stolen credentials, hacking tools, unauthorized system access, and contraband. Nobody stumbles into that marketing channel by accident.
Read More: Foreign Crypto Scam Networks Targeted Americans for Years. The DOJ Just Hit Back.
$510M AI Smuggling Case Blows Hole in U.S. Export Controls on China
At least 25 ransomware groups, including Avaddon Ransomware, used First VPN's infrastructure to scope out targets and break into business networks worldwide, costing companies millions of dollars. Avaddon was a prolific operation that hit hundreds of businesses globally before abruptly shutting down in June 2021 and releasing decryption keys for nearly 3,000 victims, widely attributed to mounting law enforcement pressure. The service's IP addresses also showed up in botnets, denial-of-service attacks, scams, and straight-up hacking. Visitors to First VPN's website now find a seizure banner from law enforcement.
FBI Boston Special Agent in Charge Ted E. Docks had a message for whoever comes shopping for the next "anonymous" tool:
"The FBI is proud to support its international partners with the takedown of this malicious service. This operation has dealt a significant blow to a business that serviced, shielded, and catered to cybercriminals."
Docks continued:
"Let me be clear: anonymity does not grant immunity. Our goal is to make cybercrime harder, riskier, and far less profitable for those behind it."
France's cybercrime unit and the Dutch National Police led the takedown, with Ukraine, the United Kingdom, Switzerland, and Luxembourg assisting. FBI Boston and the FBI Cyber Division had been building the case with foreign partners since 2021.
Assistant Director Brett Leatherman was direct about what the operation has already produced:
"In recent weeks, the FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, dismantling criminal infrastructure, and seizing millions in cryptocurrency."
The FBI says it will keep the pressure on for at least 60 days, with more actions to come. Russian criminal forums, ransomware gangs, and the services propping them up have operated with near-total impunity for years. The FBI is changing that.
The FBI expects more arrests, more seizures, and more takedowns. That is what it looks like when the federal government does its actual job.
Editor’s Note: Help us continue to report the truth about corrupt politicians.
Join RedState VIP and use promo code FIGHT to receive 60% off your membership.
Join the conversation as a VIP Member