A virtual private network service used for malware distribution, ransomware operations and other cybercrime activities was taken offline Monday as law enforcement officials from nearly a dozen countries jointly seized its website and customer data.
Multiple investigations into the distribution of malware and other illicit activities alerted authorities to VPNLab.net, according to the European law enforcement agency Europol, which announced the takedown Tuesday. Authorities “seized or disrupted 15 servers” that hosted the site’s infrastructure, the agency said.
“This service provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks,” a message posted to the site’s home page reads. “Law enforcement has now gained access to the vpnlab.net servers and seized the customer data stored within. The investigation regarding customer data of this network will continue.”
Led by German police, the operation also involved authorities from the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S. and the United Kingdom.
The service, which dates back to 2008, offered encryption of internet traffic and online anonymity for as little as $60 per year, the agency said, making it “a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities.” It also offered “DoubleVPN,” which the site administrators said streamed traffic through two VPN servers. The site had been used, among other things, to spread Ryuk ransomware, German news outlet Der Spiegel reported Tuesday.
VPN services sell customers a method for encrypting traffic between their computers and the internet, shielding traffic data from internet service providers or others who may be paying attention. Some VPN providers keep logs and records about customers’ activities, but VPNLab claimed it didn’t, according to a snapshot of the service’s site from 2018.