Europol has announced that it has taken down VPNLab, a service used by ransomware gangs. For now, the European police force has seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom.
No arrests have been announced, but the company's services are down, and its main website now displays a banner indicating that it has been seized by Europol. The most surprising thing is that, before its closure today, VPNLab had existed since 2008.
According to what is known so far, this virtual private network provider advertised its services over the Internet, on clandestine networks of the dark net, and supplied them to various groups of cybercriminals, including gangs committing ransomware attacks.
60 euros per year of registration
VPNLab.net was created in 2008 and offered services based on OpenVPN technology and 2048-bit encryption to provide online anonymity to any cybercriminal for as little as $60 a year. The service also offered a double VPN, with servers located in many different countries. This made VPNLab.net a popular choice for cybercriminals, who could use its services to continue committing crimes without fear of being detected by the authorities.
Different law enforcement agencies in Europe became interested in the provider after investigations uncovered various criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution. Other cases found that the service was used to create an infrastructure and enable communications behind the ransomware campaigns, as well as the actual deployment of the ransomware.
As a result of the investigation, more than 100 companies have been identified as being at risk of cyberattacks. Law enforcement is working directly with these potential victims to mitigate their exposure, although they have not specified which companies they are or in which sectors they work.
The head of Europol’s European Cybercrime Center, Edvardas Šileris, said the information obtained about the possible victims has allowed the authorities to anticipate several serious cyberattacks and data breaches.
This operation is the second in history in which law enforcement has acted against a VPN provider for criminal groups, after Europol and the Dutch police took down DoubleVPN in June last year. DoubleVPN was frequently advertised on underground cybercrime forums, “both Russians and Anglophones”, as a way of masking location and identity when carrying out ransomware and phishing attacks.