Police seize VPN host allegedly facilitating ransomware

VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web.

An international law enforcement operation has resulted in the domain seizure and takedown of VPNLab -- a VPN provider allegedly being used to support major cyber attacks including ransomware deployment -- according to a Tuesday press release from Europol.

Europol said the police action, which occurred Monday, resulted in the seizure or disruption of all 15 of the servers that supported VPNLab's operations, "rendering it no longer available." The action was led by Germany's Hannover Police Department, in cooperation with law enforcement in Canada, the Czech Republic, France, Hungary, Latvia, the Netherlands, Ukraine, the United Kingdom and the United States. Europol, meanwhile, provided action day support.

VPNLab's .net domain has likewise been seized, and the page now contains a takedown notice from German police, as well as a notice that reads, "law enforcement has now gained access to the vpnlab.net servers and seized the customer data stored within."

The takedown notice from German police on VPNLab's website.

VPNLab, established in 2008, is a VPN service that Europol said is popular with cybercriminals due to its international presence and double VPN functionality. The service is accused of facilitating cybercrime, including ransomware and malware distribution.

"Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution," the press release read. "Other cases showed the service's use in the setting up of infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware. At the same time, investigators found the service advertised on the dark web itself."

In addition, "more than one hundred businesses have been identified as at risk of cyberattacks" as a result of the investigation, Europol said.

Europol declined to comment beyond the contents of the press release.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
