A group operation from the law enforcement agencies of several countries has taken down VPNLab.net – a VPN service popular among cybercriminals.
VPNLab is mostly used by threat actors like ransomware groups and malware gangs. They hide their online identities by using this service and performing their operations. The operators of VPNLab aren’t found yet, but the police are having the data secured from seized servers, which is under investigation.
VPN For Threat Actors
Hackers in their regular operations use a variety of tools to achieve what they wanted. One among them is a VPN – Virtual Private Service that masks the online identities of a person using it. Their traffic goes through a series of virtual tunnels to hide the data transmission, and let them have the freedom of untraceable internet.
In the case of cybercriminals, this is a must service for not being detected by law enforcement. And VPNLab.net provides just that. Starting in 2008, VPNLab has a number of servers in various countries and provides OpenVPN-based technology and 2048-bit encryption for just $60/year.
This VPN is often slower than the regular VPNs we use, as the network uses multiple layers of encryption and bouncing, making the transmission cumbersome and slow. As it’s seen as a headache, law enforcement agencies have framed a joint operation to take it down.
And it’s successful! On Tuesday, the law enforcement agencies of Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom have seized 15 servers belonging to VPNLab.
Talking on this capture, the Ukranian Cybercrime Police said VPNLab was used in over 150 ransomware attacks to date, and incurred financial damages of at least $68.3 million.
While there’s no capturing of VPNLab’s operators, the police hold the crucial data seized from the servers, which can be used to track them and the ransomware affiliates who used their service.