Law enforcement agencies from 10 countries have joined forces to block VPNLab.net, a VPN service provider used by ransomware operators and attackers.

The operation was coordinated by Europol and took place on 17 January. The special services of Great Britain, Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine and the United States took part in the blocking.

Law enforcement officials took over 15 servers used by the VPNLab.net service and took down its main site. The platform is now unavailable.

Cybercriminals typically use VPN services to hide their real location and identity, and redirect network traffic through multiple encryption tunnels.

Compared to standard consumer VPN services, these solutions tend to be slower because they include multiple layers of encryption.

VPNLab.net was one of the oldest services of its kind, established in 2008 and offering OpenVPN-based technology and 2048-bit encryption for as little as $60 per year. Its servers were located in different countries, which made it possible to maintain the performance of attacks at an acceptable level.

“Law enforcement took an interest in the provider after multiple investigations identified criminals using the VPNLab.net service to facilitate illegal activities such as distributing malware,” Europol said in a statement. “Other cases have shown the use of the service in setting up infrastructure and communications for ransomware campaigns, as well as the actual deployment of ransomware.”

The Ukrainian Cyber ​​Police issued a separate press release stating that the service was used in at least 150 ransomware attacks.

The owners and operators of VPNLab.net have not yet been established. However, law enforcement officials claim that as a result of the confiscation of servers, they have valuable evidence in this regard. Customer data stored on servers will also be scrutinized, so the police are likely to uncover more ransomware.

In December 2020, Europol coordinated a similar operation to take down Safe-Inet and Insorg VPN, two service providers known for serving cybercrime. In June 2021, international law enforcement seized the servers and client logs of DoubleVPN, a double-encryption service sometimes used by attackers to evade detection when performing malicious activities. DoubleVPN is based in Russia.

On January 14, the FSB of Russia announced that it had detained all members of the REvil hacker group. In total, 14 people were detained, more than 426 million rubles, 600 thousand dollars, 500 thousand euros were confiscated from them. During the search at 25 addresses in Moscow, St. Petersburg, Moscow, Leningrad and Lipetsk regions, the special services also seized all computer equipment and gained access to crypto wallets used to commit crimes. On January 15, a Moscow court arrested 8 suspected REvil members for 2 months.

bbabo.Net