A VPN service used by cybercriminals to distribute ransomware, malware and other cybercriminal activity has been taken offline following an international operation coordinated by Europol.
As part of the joint action by Europol, the German Police Department Hannover, the FBI, the UK’s National Crime Agency (NCA) and other agencies, all 15 servers used by the VPNLab.net service have been seized or interrupted, leaving the latter unavailable.
Hidden illicit activities
Europol explains that multiple investigations have found that criminals were using the VPNLab.net service to hide illicit activities such as malware distribution. Other cases showed the use of the service to set up the infrastructure and communications behind ransomware campaigns, as well as the deployment of ransomware.
Europol says that VPNLab.net was established in 2008. This service offered services based on OpenVPN technology and 2048-bit encryption to provide online anonymity, for just $60 a year. The service also provided double VPN, with servers located in many different countries. “This made VPNLab.net a popular choice for cybercriminals, who could use its services to continue committing their crimes without fear of being detected by the authorities,” the agency said.
Cybercriminals have also used this service to deploy malware while avoiding detection by authorities. Now that the servers have been seized, law enforcement is digging into customer data to try to identify cybercriminals and victims of cyberattacks.
Europol has not revealed what forms of malware and ransomware were distributed through this service.
the rope is tightening
As a result of the investigation, more than 100 businesses have been identified as being at risk of cyber attacks and law enforcement is working directly with them to mitigate any potential compromise.
“The actions taken as part of this investigation clearly show that criminals are running out of ways to hide their tracks online,” said Edvardas Šileris, Director of Europol’s European Cybercrime Center (EC3).
“Each investigation we carry out feeds into the next, and the insights gained into potential victims mean we may have prevented several serious cyberattacks and data breaches,” it adds.
Effective cooperation of international services
The action against VPNLab took place on January 17, 2022. It involved the authorities of Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom, as well as the support of Europol.
“An important aspect of this action is also to show that if service providers support an illegal action and do not provide any information to law enforcement, these services are not bulletproof,” stresses Volker Kluwe, head of the department of Hanover Police. who directed the dismantling. Service operators who fail to respond to law enforcement requests are called “bulletproof” operators in the world of computer security. This adjective can designate a VPN provider, but also an encrypted messaging provider or a website host.
“This operation shows the result of an effective cooperation of international services, which allows dismantling a global network and destroying those brands,” he argues.
This is the latest international police operation targeting cybercriminals and the services they use to carry out attacks, and it comes days after Russian authorities said they arrested members of the REvil ransomware group.
Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled