VPN service favoured by ransomware gangs closed in international police operation
15 VPNLab servers shut down in ten different countries in Europol-coordinated action
Police forces coordinated by Europol have shut down a VPN service that it said was being used by ransomware gangs and purveyors of malware.
VPNLab.net was established in 2008 and offered high levels of anonymity by routing traffic through two VPN servers.
It drew the attention of the police when it became apparent it was being extensively by used by ransomware gangs and other cyber criminals.
According to the Ukraine police force, the VPN service was established in Germany (an ICANN search corroborates this) and operated 15 servers in 10 countries. These servers were taken down yesterday in a simultaneous action coordinated by Europol and involving police forces in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the UK.
The service was used for 150 ransomware attacks, according to the Ukraine police, netting the criminals €60 million in ransom payments.
As a result of the action is that around 100 businesses identified as at risk of impending cyber attacks are being notified by Europol.
A Europol press release did not clarify why criminals chose to use VPNLabs specifically, but it is probable that its operators had criminal links. In December 2020, the VPN service Safe-Inet was closed by Europol with the shuttering of DoubleVPN following in June 2021. Both of these services had links to organised crime and advertised their services on criminal forums on the dark web.
No arrests have been announced as a result of VPNLabs' closure.
The vpnlab.net site today
"The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online. Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches," said Edvardas Šileris, head of Europol's European Cybercrime Centre.
Neil Jones, cybersecurity evangelist at Egnyte commented: "It's a breath of fresh air to see that international law enforcement is focusing their efforts on technology providers that offer cyber-attack-friendly environments and make it easy for Ransomware as a Service providers to perpetrate potential attacks. It is also a positive sign to see that the VPNLab operation spanned multiple European and North American countries.
"The policing of the cyberworld is now being included as an international poker chip; it's no longer an afterthought. As seen here, it requires coordination, transparency, and diplomacy."