A VPN (opens in new tab) service frequently used by cybercriminals to launch ransomware (opens in new tab) attacks and spread malware (opens in new tab) online has been taken down as part of a joint operation between Europol (opens in new tab) and law enforcement authorities from 10 different countries.
On January 17, disruptive actions took place in a coordinated manner in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine the US and the UK as law enforcement from each country seized or disrupted 15 servers (opens in new tab) used to host VPNLab.net.
Europol's European Cybercrime Centre (EC3 (opens in new tab)) provided support for the operation through its Analysis Project 'CYBORG' which organized over 60 coordination meetings and three in-person workshops while also providing both analytical and forensic support.
Head of the EC3, Edvardas Šileris explained in a press release (opens in new tab) how data gathered in this operation will be used to help Europol find its next target, saying:
“The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online. Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.”
A VPN for cybercriminals
First established in 2008, VPNLab.net provided VPN services based on OpenVPN (opens in new tab) and utilized 2048-bit encryption to provide its customers with online anonymity for as little as $60 per year. In addition to a regular VPN, the site also provided a double VPN (opens in new tab) where internet traffic would pass through multiple VPN servers before arriving at its destination.
According to Europol, law enforcement first took interest in VPNLab after multiple investigations revealed that cybercriminals were using the service for illicit activities including malware distribution. Meanwhile, other cases showed that the service was used to set up infrastructure and communications behind ransomware campaigns. In a press release (opens in new tab), Ukraine's cyberpolice revealed that VPNLab was used in at least 150 ransomware attacks.
While VPNLab has now been shut down, the owners and operators of the service have yet to be identified, charged or arrested. However, data seized from the service's servers could hold valuable evidence on who was behind the operation.
At the same time, law enforcement plans to comb through VPNLab's customer data with the aim of identifying additional ransomware affiliates (opens in new tab).
We've also featured the best endpoint security software (opens in new tab) and best identity theft protection (opens in new tab)
Via BleepingComputer (opens in new tab)