Joint Law Enforcement Action Takes Down VPN Service

Written by

An international law enforcement collaboration has targeted the users and infrastructure of, rendering it no longer available.

The action was taken in response to the use of the VPN provider’s service to support cybercrime activities, including ransomware deployment.

Europol worked with 10 national law enforcement agencies to conduct the coordinated operation in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the UK. This led to the seizure or disruption of 15 servers that hosted’s service on January 17, making it unavailable.

The operation, led by the Central Criminal Office of the Hannover Police Department in Germany, took place under Europol’s EMPACT security framework objective Cybercrime - Attacks Against Information Systems.

Europol revealed the strike followed multiple investigations showing that cyber-criminals were using’s service to facilitate activities such as malware distribution. In addition, it was regularly used to help set up infrastructure and communications behind ransomware campaigns and as its actual deployment. Investigators even discovered the service was being advertised on the dark web.

Law enforcement also identified over 100 businesses at risk of cyber-attacks as a result of these investigations. They are now helping potential victims to mitigate their exposure. was established in 2008, offering users online anonymity via services based on OpenVPN technology and 2048-bit encryption. It also provided double VPN, with servers located in multiple countries. This offering made it attractive to cyber-criminals seeking to avoid detection by law enforcement.

Commenting on the action, head of Europol’s European Cybercrime Centre, Edvardas Šileris, said: “The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online. Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyber-attacks and data breaches.”

Chief of Hanover Police Department, Volker Kluwe, added: “One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these services are not bulletproof. This operation shows the result of effective cooperation of international law enforcement agencies, which makes it possible to shut down a global network and destroy such brands.”

What’s hot on Infosecurity Magazine?