Europol Shuts Down Popular Cybercriminal VPN Service

Law enforcement authorities have acted against the criminal use of VPN services with the shutdown of VPNLab.net, which was used to support ransomware attacks and other crimes.

The disruption took place in a coordinated operation on Jan. 17 across Germany, Canada, the Netherlands, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom, Europol reports. Authorities have seized or disrupted the 15 servers hosting the VPNLab service; as a result, it is no longer available.

VPNLab was created in 2008 based on OpenVPN technology and 2,048-bit encryption. What appealed to cybercriminals was its double VPN, with servers located across several different countries that enabled attackers to commit crimes without worrying about detection.

Law enforcement officials pursued VPNLab after multiple investigations revealed criminals were using the service to conduct activities such as ransomware campaigns. Different cases showed it was used to set up the infrastructure and communications behind these attacks, as well as the deployment of ransomware. VPNLab was also advertised on the Dark Web, Europol said.

"As a result of the investigation, more than one hundred businesses have been identified as at risk of cyberattacks," Eurpol officials wrote in a statement. "Law enforcement is working directly with these potential victims to mitigate their exposure."

Read Europol's full release for more information.