VPNLab.net, a popular VPN service used by malicious actors to deploy ransomware, has been taken offline following a coordinated law enforcement operation.
Europol stated that it took action against the misuse of the VPN service by taking down 15 of its servers on January 17, rendering it inoperable. The disruptive action took place across Germany, the Netherlands, Canada, the Czech Republic, France, the U.S., and the U.K.
The seizure also identified at least 100 businesses at risk of impending cyber attacks, and they have been notified. Europol didn’t disclose the names of the companies.
Established in 2008, the tool provided an advanced level of anonymity by offering double VPN connections to its clients — wherein the internet traffic is routed through two VPN servers located in different countries instead of one — for as cheap as $60 a year.
“This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities,” Europol detailed in a press release, adding it “provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks.”
VPNLab.net caught the attention of law enforcement officials when its infrastructure began to be widely used for malware dissemination, with investigators uncovering evidence of the illicit service being advertised on the dark web.
Ukraine’s Cyber Police said the VPN service was used in more than 150 ransomware infections, causing the victims to shell out a total of €60 million in ransom payments.
The dismantling of VPNLab.net is the latest action taken by authorities to close in on VPN providers with proven links to criminal groups. In December 2020, bulletproof VPN service Safe-Inet was shut down, followed by the takedown of DoubleVPN in June 2021.
“The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online,” Edvardas Šileris, head of Europol’s European Cybercrime Centre (EC3), said. “Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.”