In a joint, long-running international investigation effort comprising ten countries as well as Europol, the action was undertaken per the EMPACT EU Policy Cycle, under the objective: “Cybercrime – Attacks Against Information Systems.”

Unhappy New Year For Cybercriminals

Europol’s report entitled “Unhappy New Year for cybercriminals as VPNLab.net goes offline” goes into detail about the joint operation that led to the shutdown of the notorious domain. Law enforcement, led by the Central Criminal Office of the Hannover Police Department in Germany and the Verden Public Prosecutor’s Office in Germany, cracked down on “the criminal misuse of VPN services” this week, targeting VPNLab’s users and infrastructure. According to the investigation, the VPN service was harboring “serious criminal acts such as ransomware deployment and other cybercrime activities.”

Investigation spanned multiple countries

International law enforcement took coordinated action, covering Germany, Canada, the Netherlands, the Czech Republic, France, Hungary, Latvia, the United States, Ukraine, and the United Kingdom. The report pointed out that the VPN service allowed “anonymous commission of high value cybercrime cases” and was a vessel for numerous international cyberattacks.

15 servers seized by authorities

15 servers that hosted the VPN service “which aimed to offer shielded communications and internet access” have been seized or disrupted, and are now unavailable. As of yesterday, it was also confirmed that the customer data within the servers has also been seized.

The service harbored cybercrime tools and campaigns

Authorities discovered that criminals were leveraging VPNLab.net for malware distribution, setting up infrastructure, and running ransomware campaigns. The notorious Ryuk ransomware gang is among the suspected ransomware operators. It was also discovered that the service was advertised on the dark web.

Investigation Set to Continue

Edvardas Šileris, Head of Europol’s European Cybercrime Center, underlined that cybercriminals using VPN services are running out of options and that “the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.” Volker Kluwe, the Chief of the Hanover Police Department, remarked that VPN services that support illegal action cannot hide from law enforcement because effective international law enforcement cooperation has shown that “these services are not bulletproof.”

Authorities offering support for potential victims

It has been concluded that over one hundred businesses have been at risk of cyberattacks stemming from the criminal usage of VPNLab.net’s services. According to the official report, in-depth investigations into the customer data on the network are set to continue from this point onwards. Authorities are helping potential victims avoid exposing themselves to cybercrime.

VPNLab.net not the first to get shut down

In June 2021, a similar action was taken against VPN service DoubleVPN, also per the EMPACT framework. The Twitter post by Europol had then emphasized that “The golden age of criminal VPNs is over,” followed by a waving hand emoticon. One year earlier, a VPN service called Safe-inet was also shut down, likewise per the EMPACT framework.

About VPNLab.net

Since 2008, VPNLab.net has offered a VPN service running on the OpenVPN protocol with 2048-bit encryption for a $60 annual subscription. It also provided a “double VPN” feature that re-routes traffic twice “with servers located in many different countries” and helped the provider become a cybercriminal favorite.

VPNLab net Taken Down For Harboring Cybercrime - 45VPNLab net Taken Down For Harboring Cybercrime - 5VPNLab net Taken Down For Harboring Cybercrime - 40VPNLab net Taken Down For Harboring Cybercrime - 60