A VPN service used by cybercriminals to distribute ransomware, malware and other cybercriminal activities has been taken offline following an international operation coordinated by Europol.
As part of the joint action of Europol, German Police Department Hannover, FBI, UK National Crime Agency (NCA) and other agencies, the 15 servers used by the VPNLab service. net have been seized or disrupted, rendering the latter unavailable.
Hidden illicit activities
Europol explains that multiple investigations have found that criminals were using the VPNLab.net service to conceal illicit activities such as distributing malware. Other cases showed the use of the service in setting up the infrastructure and communications behind ransomware campaigns, as well as the deployment of ransomware.
Europol says VPNLab.net was established in 2008. This service offered services based on OpenVPN technology and 2048-bit encryption to provide online anonymity, for just $60 a year. The service also provided double VPN, with servers located in many different countries. “This made VPNLab.net a popular choice for cybercriminals, who could use its services to continue committing their crimes without fear of detection by authorities,” the agency said.
Cybercriminals have also used this service to deploy malware while avoiding detection by authorities. Now that the servers have been seized, law enforcement is investigating customer data to try to identify cybercriminals and victims of cyberattacks.
Europol has not revealed what forms of malware and ransomware were distributed through this service.
The noose is tightening
As a result of the investigation, more than 100 companies have been identified as being at risk from cyberattacks and law enforcement is working directly with them to mitigate any potential compromises.
“The actions taken as part of this investigation clearly show that criminals are running out of ways to hide their tracks online,” points out Edvardas Šileris, director of Europol’s European Cybercrime Center (EC3).
“Each investigation we conduct feeds into the next, and the insights gained into potential victims means we may have avoided several serious cyberattacks and data breaches,” he adds.
Effective cooperation of international services
The action against VPNLab took place on January 17, 2022. It involved the authorities of Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the States United States and the United Kingdom, as well as the support of Europol.
“An important aspect of this action is also to show that, if the service providers support an illegal action and do not provide any information to law enforcement, these services are not bulletproof”, underlines Volker Kluwe, head of the department of Hannover police, who led the dismantling. Service operators who fail to respond to requests from law enforcement are dubbed “bulletproof” operators in the computer security world. This adjective can designate a VPN provider, but also an encrypted messaging provider or a website host.
“This operation shows the result of effective cooperation of international services, which makes it possible to decommission a global network and destroy such marks”, he argues.
This is the latest international law enforcement operation targeting cybercriminals and the services they use to carry out the attacks, and comes days after Russian authorities said they arrested members of the ransomware group. REvil.
Source: ZDNet.com