International police shut down 15 server infrastructures as part of VPNLab.net's takedown

VPN service used by crims to support ransomware attacks and other illicit activity


Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net.

The VPN provider's service gave users "shielded communications and internet access" that was used in "support of serious criminal acts such as ransomware deployment and other cybercrime activities," Europol said today.

The raids were led by the Central Criminal Office of the Hanover Police Department in Germany under the EMPACT security framework objective of Cybercrime - Attacks Against Information Systems.

Police action also took place in the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the UK, the latter being initiated by the National Crime Agency to yank the local node of the network offline.

Europol set its sights on VPNLab.net after multiple other investigations lifted the lid on the criminals using the service to control botnets and distribute malware. In other instances, the VPN service was used to set up infrastructure and comms that underpinned ransomware campaigns, as well as the deployment of the bad stuff.

More than 100 businesses were identified as being at risk of attack and the cops are working with these "potential victims to mitigate their exposure", Europol said.

Web domains were yesterday replaced with a law enforcement splash page to confirm the network was down and out.

"The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online," said a triumphant Edvardas Šileris, head of Europol's European Cyber Crime Centre. "Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches."

Volker Kluwe, chief of Hanover Police Department, said: "One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these are not bulletproof.

"This operation shows the result of an effective cooperation of international law enforcement agencies, which makes it possible to shut down a global network and destroy such brands."

Founded in 2008, LabVPN offers virtual private network services via the Dark Web based on OpenVPN tech and 2048-bit encryption, starting from $60 per year.

John Denley, deputy director of the NCA's National Cyber Crime Unit, said in a statement that crims thought they could use LabVPN to "operate with impunity, and remain under the radar of law enforcement.

"This operation shows they were wrong and that there is no hiding place from the combined power of global law enforcement when it comes to taking down illegal IT infrastructure. This included the NCA switching off servers which were being hosted in the UK." ®
