A joint operation by authorities from 10 countries led to the dismantling of VPNLab.net, a virtual private network (VPN) services infrastructure employed by various hacking groups, including ransomware operators. This operation was coordinated by Europol and was deployed on January 17, involving law enforcement agencies in Germany, Canada, the United States, France, Hungary, Latvia, the Netherlands, the United Kingdom, the Czech Republic and Ukraine.
The agents managed to seize a total of 15 servers, used by VPNLab.net operators, in addition to taking down the main website, so this platform is no longer available.
According to the report, threat actors used these VPN services to hide their real online location, obfuscating their malicious activity behind multiple encryption tunnels. According to cybersecurity specialists, this class of services are distinguished from a conventional VPN platform can be slower because they have multiple layers of encryption.
Active since 2008, VPNLab.net became one of the most important platforms of its kind, offering 2048-bit encryption in exchange for a subscription for $60 USD a year. The operators of this platform maintained active servers in various countries in order to offer a sufficiently stable service.
In its report, Europol says that VPNLab.net began to attract attention after a wave of ransomware attacks whose operators used this same service: “This platform facilitated the distribution of malware, encryption of infected systems and compromise of business and government networks.” Law enforcement estimates indicate that operations implemented using VPNLab.net would have generated losses of more than $68 million USD across Europe.
At the moment the owners and operators of this malicious platform have not been identified, so there were no arrests related to this police operation. However, Europol assures that there are already some traces that can lead to the identification of these individuals, in addition to the fact that some affiliated ransomware groups have been identified, so it is a matter of time before these hackers are finally arrested.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.