Law enforcement agencies in 10 countries took the services of VPNLab.net, a VPN service provider used by ransomware and malware groups, offline. The joint action was coordinated by Europol and took place on Monday 17 January, involving law enforcement agencies from Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the United Kingdom.

In the operation, 15 servers used by VPNLab.net were seized and the official website was taken offline, leaving the platform no longer available. VPN services are used by cybercriminals to hide their identity, the geographic origin of their business and their online activities by passing their traffic through various encrypted communication channels.

Compared to normal commercial VPN services, which users generally use for security purposes, the solutions more prone to misuse are usually slower and more complicated to use, since they use multiple layers of encryption and “scrambling” of traffic. VPNLab.net has long been a renowned service for these features, operating since 2008 and offering a service based on OpenVPN technology and 2048-bit encryption, at a cost of just $60 a year. VPNLab.net servers were located in different countries in order to offer relative geographic proximity to the various threat actors around the world and to keep performance at acceptable levels.

“Law enforcement took an interest in the vendor following numerous investigations that showed criminals using the VPNLab.net service to facilitate illegal activities such as distributing malware. Other cases have shown the use of the service in configuring the communication and control infrastructure for ransomware campaigns, as well as for the actual distribution of the ransomware,” Europol said.

At the moment the owners of VPNLab.net have not yet been identified, but law enforcement officials say they are now in possession of valuable evidence on that front, following the seizure of the servers. The police will also examine the content of the servers themselves, from which further details and information on the ransomware and malware groups that were customers of the VPN service could emerge.

A little over a year ago, in December 2020, Europol coordinated another police action that knocked out two other VPN service providers: at that time it was the turn of Safe-Inet and Insorg VPN, both known for having also been used by cybercriminals.