A VPN service frequently used by cybercriminals to launch ransomware attacks and spread malware online has been taken down in a joint operation between Europol and law enforcement authorities from 10 different countries.
On January 17, disruptive actions took place in a coordinated manner in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom, law enforcement in each country seized or disrupted 15 servers used to host VPNLab.net.
Europol’s European Cybercrime Center (EC3) supported the operation through its “CYBORG” analysis project, which organized more than 60 coordination meetings and three in-person workshops while providing a analytical and forensic support.
Head of EC3, Edvardas Šileris explained in a Press release how the data collected during this operation will be used to help Europol find its next target, saying:
“The actions taken in this investigation clearly show that criminals lack the means to hide their tracks online. Each investigation we undertake informs the next, and insights gained into potential victims mean we may have anticipated several serious cyberattacks and data breaches.
A VPN for cybercriminals
Established in 2008, VPNLab.net provided OpenVPN-based VPN services and used 2048-bit encryption to provide customers with online anonymity for as little as $60 per year. In addition to a regular VPN, the site also provided a double VPN where internet traffic passed through multiple VPN servers before arriving at its destination.
According to Europol, law enforcement first became interested in VPNLab after multiple investigations revealed cybercriminals were using the service for illicit activities, including distributing malware. Meanwhile, other cases have shown the service being used to set up infrastructure and communications behind ransomware campaigns. In one Press release, Ukrainian cyberpolice revealed that VPNLab had been used in at least 150 ransomware attacks.
While VPNLab has now been shut down, the owners and operators of the service have yet to be identified, charged or arrested. However, data captured on the service’s servers could contain valuable evidence about who was behind the operation.
At the same time, law enforcement plans to comb through VPNLab’s customer data in an effort to identify other ransomware affiliates.
We also presented the best endpoint security software and better protection against identity theft
Going through BeepComputer
