The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Europol, Feds Take VPN Used by Cybercriminals Offline

by Chris Brook on Wednesday January 19, 2022

Contact Us
Free Demo

The service was being used to carry out ransomware deployment and other cybercrime activities.

We're barely three weeks into 2022 and so far, it seems like every other day there’s a new action taken by law enforcement to disrupt and deter malicious cyber activity.

Russia's domestic intelligence service, the FSB, said on Friday it arrested members of the ransomware gang REvil. That revelation came a few days after news of the largest seller of stolen credit cards on the darkweb, a carding forum, UniCC, shut down.

Now, authorities in Europe are celebrating the takedown of a VPN service frequented by cybercriminals to distribute ransomware and carry out other crimes.

Europol and authorities from 10 countries - Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom - worked together to bring down on Monday.

While the name may not be known to everyone, the service has been around for more than a decade; it was formed in 2008 and offered its services for as little as $60 a year.

As part of its takedown, Europol and company – the effort was spearheaded by Germany’s Central Criminal Office of the Hannover Police Department - either seized or disrupted 15 servers connected to the service. Officials didn't get into specific details around what type of illicit activities those who used the VPN carried out, only that it was used to set up infrastructure and communications around ransomware campaigns and distribute malware.

"International law enforcement, under the leadership of the Police Headquarters Hannover and the Verden Public Prosecutor‘s Office (Germany), has seized the domain,” reads a seizure notice on the website. “This service provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks."

While the service was theoretically accessible to anyone, Europol claims it saw cybercriminals advertising on the dark web, one would assume, in connection to sales illegal activities.

If you haven’t been paying attention, these takedowns have become much more frequent, especially over the last year. The action against VPNLab comes a year after Europol shuttered another VPN, Safe-Inet, that was being used by cybercriminals and six months after the takedown of another, DoubleVPN, led by the Dutch National Police,

Both the VPNLab and DoubleVPN takedowns were carried out on behalf of the European Multidisciplinary Platform Against Criminal Threats, or EMPACT. While not new, the framework dates back to 2012, it’s designed to set the pace when it comes to addressing cyber threats in the European Union. Some of its priorities for 2022-2025 include targeting high-risk criminal networks - including those that use underground financial systems to launder money - and combatting intellectual property crime.

Tags: Government

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.