We're barely three weeks into 2022 and so far, it seems like every other day there’s a new action taken by law enforcement to disrupt and deter malicious cyber activity.

Russia's domestic intelligence service, the FSB, said on Friday it arrested members of the ransomware gang REvil. That revelation came a few days after news of the largest seller of stolen credit cards on the darkweb, a carding forum, UniCC, shut down.

Now, authorities in Europe are celebrating the takedown of a VPN service frequented by cybercriminals to distribute ransomware and carry out other crimes.

Europol and authorities from 10 countries - Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom - worked together to bring down VPNLab.net on Monday.

While the name may not be known to everyone, the service has been around for more than a decade; it was formed in 2008 and offered its services for as little as $60 a year.

As part of its takedown, Europol and company – the effort was spearheaded by Germany’s Central Criminal Office of the Hannover Police Department - either seized or disrupted 15 servers connected to the service. Officials didn't get into specific details around what type of illicit activities those who used the VPN carried out, only that it was used to set up infrastructure and communications around ransomware campaigns and distribute malware.

"International law enforcement, under the leadership of the Police Headquarters Hannover and the Verden Public Prosecutor‘s Office (Germany), has seized the domain vpnlab.net,” reads a seizure notice on the website. “This service provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks."

While the service was theoretically accessible to anyone, Europol claims it saw cybercriminals advertising VPNLab.net on the dark web, one would assume, in connection to sales illegal activities.

If you haven’t been paying attention, these takedowns have become much more frequent, especially over the last year. The action against VPNLab comes a year after Europol shuttered another VPN, Safe-Inet, that was being used by cybercriminals and six months after the takedown of another, DoubleVPN, led by the Dutch National Police,

Both the VPNLab and DoubleVPN takedowns were carried out on behalf of the European Multidisciplinary Platform Against Criminal Threats, or EMPACT. While not new, the framework dates back to 2012, it’s designed to set the pace when it comes to addressing cyber threats in the European Union. Some of its priorities for 2022-2025 include targeting high-risk criminal networks - including those that use underground financial systems to launder money - and combatting intellectual property crime.