DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Unhappy New Year for cybercriminals as VPNLab.net goes offline

Posted on January 18, 2022 by Dissent

Do threat actors feel like walls are closing in on them? They might well be feeling that way — or maybe they should be feeling that way. From Europol, today:

This week, law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net. The VPN provider’s service, which aimed to offer shielded communications and internet access, were being used in support of serious criminal acts such as ransomware deployment and other cybercrime activities.

On 17 January, disruptive actions took place in a coordinated manner in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom. Law enforcement authorities have now seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available. Led by the Central Criminal Office of the Hannover Police Department in Germany, the action took place under the EMPACT security framework objective Cybercrime – Attacks Against Information Systems.

Domain Seizure Notice
Image: Europol

A provider of choice for cybercriminals

VPNLab.net was established in 2008, offering services based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as USD 60 per year. The service also provided double VPN, with servers located in many different countries. This made VPNLab.net a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities.

Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution. Other cases showed the service’s use in the setting up of infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware. At the same time, investigators found the service advertised on the dark web itself.

As a result of the investigation, more than one hundred businesses have been identified as at risk of cyberattacks. Law enforcement is working directly with these potential victims to mitigate their exposure.

Closing in on VPN service used for criminal purposes

Commenting on the VPNLab.net takedown, the Head of Europol’s European Cybercrime Centre, Edvardas Šileris, remarked:

The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online. Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.

Chief of Hanover Police Department Volker Kluwe stated:

One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these services are not bulletproof. This Operation shows the result of an effective cooperation of international law enforcement agencies, which makes it possible to shut down a global network and destroy such brands.

Europol’s European Cybercrime Centre (EC3) provided support for the action day through its Analysis Project ‘CYBORG’, which organised more than 60 coordination meetings and 3 in-person workshops, as well as providing analytical and forensic support. The information exchange was facilitated in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters in The Hague. Eurojust organised a coordination meeting to prepare for the operational actions and provided support to enable cross-border judicial cooperation between all Member States concerned.

The following authorities took part in this operation:

  • Germany: Hanover Police Department (Polizeidirektion Hannover) – Central Criminal Office and Verden Public Prosecutor’s Office
  • Netherlands: The Dutch National Hi-Tech Crime Unit
  • Canada: Royal Canadian Mounted Police, Federal Policing
  • Czech Republic: Cyber Crime Section – NOCA (National Organized Crime Agency)
  • France: Sous-Direction de la Lutte Contre la Cybercriminalité à la Direction Centrale de la Police Judiciaire (SDLC-DCPJ)
  • Hungary: RSSPS National Bureau of Investigation Cybercrime Department
  • Latvia: State Police of Latvia (Valsts Policija) – Central Criminal Police Department
  • Ukraine: National Police of Ukraine (Національна поліція України) – Cyberpolice Department
  • United Kingdom: The National Crime Agency
  • United States: Federal Bureau of Investigation
  • Eurojust
  • Europol: European Cybercrime Centre (EC3)

Empact

In 2017 the Council of the EU decided to continue the EU Policy Cycle for the 2018 – 2021 period. It aims to tackle the most significant threats posed by organised and serious international crime to the EU. This is achieved by improving and strengthening cooperation between the relevant services of EU Member States, institutions and agencies, as well as non-EU countries and organisations, including the private sector where relevant. Currently, there are ten EMPACT priorities. From 2022, the mechanism becomes permanent under the name EMPACT 2022+.

Category: Business SectorCommentaries and AnalysesNon-U.S.Of Note

Post navigation

← South Africa’s new traffic fine system exposed personal data
Albuquerque Schools Confirm Ransomware Attack, Resume Class →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Episource notifying 5.4 million patients of cyberattack in January
  • Investigation of 2024 Helsinki data breach – Report
  • Major trial underway for data leak that left 72,000 victims in France
  • Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper
  • HealthEC Agrees to $5.48 Million Settlement to End Data Breach Lawsuit
  • US offering $10 million for info on Iranian hackers behind IOControl malware
  • Sompo Japan Insurance submits improvement plan after info leakage
  • Moreno Valley, Calif., Schools Report Data Breach
  • The Growing Cyber Risks from AI — and How Organizations Can Fight Back
  • UPDATING: Credit Control Corporation denies any current breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data
  • DOJ Seeks More Time on Tower Dumps
  • Your household smart products must respect your privacy – including your air fryer
  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.