Europol has shut down the VPN service used by the ransomware gang, provided by VPNLab.net, and found a list of upcoming cyber attack targets, according to the official Europol website. More than 100 companies have now been notified by police that they have been targeted by cybercriminals.
This is according to a press release issued by the police in Hanover, Germany, in conjunction with Europol. Police have long been investigating VPN provider VPNLab.net and have now confiscated 15 servers operated by VPNLab in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom.
Europol said that based on the data found on the servers, they were able to notify more than 100 companies of an impending cyber attack (via Spiegel).
"Law enforcement agencies are working directly with these potential victims to reduce their vulnerability," Europol said today.
OpenVPN Providers on the Dark Web
Police have noted VPNLab.net as a cross-border virtual private network provider offering its services in underground criminal activities and providing VPN proxy services to various cybercrime groups, including ransomware gangs. According to Europol, cybercriminals use the infrastructure specifically to hide their own connection data and thus cover their tracks in their ransom operations.
VPNLab.net's web service, based on OpenVPN technology, was opened in 2008 and uses 2048-bit encryption and a service network to encrypt and anonymize connections for its customers. The service is inexpensive, costing as little as $60 per year.
Shutting down VPN services used for criminal purposes
The actions taken in this investigation clearly show that criminals have fewer and fewer ways to cover their tracks on the Internet," said Edvardas Šileris, head of Europol's European Cybercrime Center. The shutdown of VPNLab is the second major case in which law enforcement agencies have taken action against a VPN provider used primarily by criminal groups. Europol and the Dutch police had shut down DoubleVPN in June last year."
The action was led by the Central Criminal Office of the Hanover Police Department in Germany under the EMPACT security framework [Targeted Cybercrime - Attacks on Information Systems]. Hanover Police Chief Volker Kluwe said, "An important aspect of this operation is that it shows that service providers are not infallible when they support illegal activities and do not provide information in response to requests from law enforcement agencies. This operation demonstrates the results of effective cooperation between international law enforcement agencies, which has made it possible to shut down global networks and destroy such brands." His department led the investigation.
Europol’s European Cybercrime Centre (EC3) provided support for the action day through its Analysis Project ‘CYBORG’, which organised more than 60 coordination meetings and 3 in-person workshops, as well as providing analytical and forensic support. The information exchange was facilitated in the framework of the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters in The Hague. Eurojust organised a coordination meeting to prepare for the operational actions and provided support to enable cross-border judicial cooperation between all Member States concerned.
The following authorities took part in this operation:
- Germany: Hanover Police Department (Polizeidirektion Hannover) - Central Criminal Office and Verden Public Prosecutor's Office
- Netherlands: The Dutch National Hi-Tech Crime Unit
- Canada: Royal Canadian Mounted Police, Federal Policing
- Czech Republic: Cyber Crime Section – NOCA (National Organized Crime Agency)
- France: Sous-Direction de la Lutte Contre la Cybercriminalité à la Direction Centrale de la Police Judiciaire (SDLC-DCPJ)
- Hungary: RSSPS National Bureau of Investigation Cybercrime Department
- Latvia: State Police of Latvia (Valsts Policija) - Central Criminal Police Department
- Ukraine: National Police of Ukraine (Національна поліція України) - Cyberpolice Department
- United Kingdom: The National Crime Agency
- United States: Federal Bureau of Investigation
- Eurojust
- Europol: European Cybercrime Centre (EC3)