Europol shuts down VPN used by cybercriminal groups

artistic representation of a hacker
Image credit: Shutterstock (Image credit: Shutterstock)

A VPN service frequently used by cybercriminals to launch ransomware attacks and spread malware online has been taken down as part of a joint operation between Europol and law enforcement authorities from 10 different countries.

On January 17, disruptive actions took place in a coordinated manner in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine the US and the UK as law enforcement from each country seized or disrupted 15 servers used to host VPNLab.net.

Europol's European Cybercrime Centre (EC3) provided support for the operation through its Analysis Project 'CYBORG' which organized over 60 coordination meetings and three in-person workshops while also providing both analytical and forensic support.

Head of the EC3, Edvardas Šileris explained in a press release how data gathered in this operation will be used to help Europol find its next target, saying:

“The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online. Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.”

VPNLab Domain Seized

(Image credit: Europol)

A VPN for cybercriminals

First established in 2008, VPNLab.net provided VPN services based on OpenVPN and utilized 2048-bit encryption to provide its customers with online anonymity for as little as $60 per year. In addition to a regular VPN, the site also provided a double VPN where internet traffic would pass through multiple VPN servers before arriving at its destination.

According to Europol, law enforcement first took interest in VPNLab after multiple investigations revealed that cybercriminals were using the service for illicit activities including malware distribution. Meanwhile, other cases showed that the service was used to set up infrastructure and communications behind ransomware campaigns. In a press release, Ukraine's cyberpolice revealed that VPNLab was used in at least 150 ransomware attacks.

While VPNLab has now been shut down, the owners and operators of the service have yet to be identified, charged or arrested. However, data seized from the service's servers could hold valuable evidence on who was behind the operation.

At the same time, law enforcement plans to comb through VPNLab's customer data with the aim of identifying additional ransomware affiliates.

We've also featured the best endpoint security software and best identity theft protection

Via BleepingComputer

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.