VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation.
Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S., and the U.K.
A second outcome of the seizure is that at least 100 businesses that have been identified as at risk of impending cyber attacks are being notified. Europol didn’t disclose the names of the companies.
Established in 2008, the tool provided an advanced level of anonymity by offering double VPN connections to its clients — wherein the internet traffic is routed through two VPN servers located in different countries instead of one — for as cheap as $60 a year.
“This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities,” Europol detailed in a press release, adding it “provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks. “
VPNLab.net was reportedly discovered by law enforcement officers when it’s infrastructure became widely used for disseminating malware. Investigators also found evidence that the service had been advertised on the dark internet.
In a separate announcement, Ukraine’s Cyber Police said the VPN service was used in more than 150 ransomware infections, causing the victims to shell out a total of EUR60 million in ransom payments.
The authorities have taken the latest steps to shut down VPNLab.net, which is linked to criminal organizations. In December 2020, bulletproof VPN service Safe-Inet was shut down and this was followed by the takedown of DoubleVPN in June 2021.
“The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online,” Edvardas Sileris, head of Europol’s European Cybercrime Centre (EC3), said. “Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches. “