In a joint, long-running international investigation effort comprising ten countries as well as Europol, the action was undertaken per the EMPACT EU Policy Cycle, under the objective: “Cybercrime – Attacks Against Information Systems.”
Unhappy New Year For Cybercriminals
Europol’s report entitled “Unhappy New Year for cybercriminals as VPNLab.net goes offline” goes into detail about the joint operation that led to the shutdown of the notorious domain. Law enforcement, led by the Central Criminal Office of the Hannover Police Department in Germany and the Verden Public Prosecutor’s Office in Germany, cracked down on “the criminal misuse of VPN services” this week, targeting VPNLab’s users and infrastructure. According to the investigation, the VPN service was harboring “serious criminal acts such as ransomware deployment and other cybercrime activities.”
Investigation spanned multiple countries
International law enforcement took coordinated action, covering Germany, Canada, the Netherlands, the Czech Republic, France, Hungary, Latvia, the United States, Ukraine, and the United Kingdom. The report pointed out that the VPN service allowed “anonymous commission of high value cybercrime cases” and was a vessel for numerous international cyberattacks.
15 servers seized by authorities
15 servers that hosted the VPN service “which aimed to offer shielded communications and internet access” have been seized or disrupted, and are now unavailable. As of yesterday, it was also confirmed that the customer data within the servers has also been seized.
The service harbored cybercrime tools and campaigns
Authorities discovered that criminals were leveraging VPNLab.net for malware distribution, setting up infrastructure, and running ransomware campaigns. The notorious Ryuk ransomware gang is among the suspected ransomware operators. It was also discovered that the service was advertised on the dark web.
Investigation Set to Continue
Edvardas Šileris, Head of Europol’s European Cybercrime Center, underlined that cybercriminals using VPN services are running out of options and that “the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.” Volker Kluwe, the Chief of the Hanover Police Department, remarked that VPN services that support illegal action cannot hide from law enforcement because effective international law enforcement cooperation has shown that “these services are not bulletproof.”
Authorities offering support for potential victims
It has been concluded that over one hundred businesses have been at risk of cyberattacks stemming from the criminal usage of VPNLab.net’s services. According to the official report, in-depth investigations into the customer data on the network are set to continue from this point onwards. Authorities are helping potential victims avoid exposing themselves to cybercrime.
VPNLab.net not the first to get shut down
In June 2021, a similar action was taken against VPN service DoubleVPN, also per the EMPACT framework. The Twitter post by Europol had then emphasized that “The golden age of criminal VPNs is over,” followed by a waving hand emoticon. One year earlier, a VPN service called Safe-inet was also shut down, likewise per the EMPACT framework.
About VPNLab.net
Since 2008, VPNLab.net has offered a VPN service running on the OpenVPN protocol with 2048-bit encryption for a $60 annual subscription. It also provided a “double VPN” feature that re-routes traffic twice “with servers located in many different countries” and helped the provider become a cybercriminal favorite.