Europol takes down VPNLab, a service used by ransomware gangs

An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs.

Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK.

No arrests were announced, but the company's services were rendered inoperable, and its main website now shows a Europol seizure banner.

"The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online," Edvardas Šileris, Head of Europol's European Cybercrime Centre, said today.

Prior to its shutdown today, VPNLab had been around since 2008. The service had been built around the OpenVPN technology, used 2048-bit encryption, and a network of services to encrypt and anonymize connections for its clients, all for only $60/year.

Europol said the service primarily advertised on the criminal underground as a way for cybercrime groups to connect to their infrastructure without revealing their home connection details.

The VPNLab takedown marks the second time law enforcement has moved against a VPN provider for criminal groups after Europol and Dutch police took down DoubleVPN in June last year.

"One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these services are not bulletproof," said Volker Kluwe, Chief of Hanover Police Department, whose department spearheaded the investigation.

Europol said that a result of this takedown, with data found on the servers, they were able to notify more than 100 businesses of impending cyberattacks.

"Law enforcement is working directly with these potential victims to mitigate their exposure," Europol said today.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.