VPNLab takedown: Authorities dismantle secure communication tool favored by cybercriminals

VPN service was being used to support ‘serious criminal acts’, Europol says

Law enforcement authorities from around the world have joined forces to dismantle VPNLab.net, a virtual private network (VPN) service that’s claimed to have been a favorite among ransomware operators and other cybercriminals.

On January 17, coordinated “disruptive actions” took place in Germany, the Netherlands, Canada, the Czech Republic, France, the UK, Hungary, Latvia, Ukraine, and the US.

“Law enforcement authorities have now seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available,” according to a news release from Europol today (January 18).

“Led by the Central Criminal Office of the Hanover Police Department in Germany, the action took place under the EMPACT security framework objective.”

‘Double VPN’ service

According to Europol, VPNLab’s shielded communication and internet access services were being used “in support of serious criminal acts such as ransomware deployment and other cybercrime activities”.

For more than a decade, it offered ‘double VPN’ services based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as $60 per year.

Read more of the latest cybercrime news

“Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution,” Europol said.

“Other cases showed the service’s use in the setting up of infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware. At the same time, investigators found the service advertised on the dark web itself.”

‘Effective cooperation’

Commenting on the VPNLab.net takedown, Edvardas Šileris, head of Europol’s European Cybercrime Centre, said: “The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online.

“Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyber-attacks and data breaches.”

RECOMMENDED Celebrations over REvil ransomware arrests in Russia may be premature

Volker Kluwe, chief of Hanover Police Department in Germany, added: “One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these services are not bulletproof.

“This operation shows the result of an effective cooperation of international law enforcement agencies, which makes it possible to shut down a global network and destroy such brands.”

YOU MIGHT ALSO LIKE DDoS attacks increasing year on year as cybercriminals demand extortionate payouts