Europol takes down VPN service VPNLab used by ransomware operators

Europol takes down VPN service VPNLab used by ransomware operators

According to Europol, VPNLabs was providing services to malware and ransomware operators who would mask their IP addresses to carry out cyberattacks against 100s of businesses.

VPNLab, a Virtual Private Network (VPN) service used by cybercriminals to deploy ransomware has been taken down by Europol. The VPN service made nearly 100 businesses at risk of cyberattack. Europol is working with potential victims to mitigate the risk.

The news came days after Russian authorities dismantled the infamous REvil ransomware gang known for targeting thousands of businesses and taking millions of dollars in ransom.

It is also worth noting that in June 2021, authorities managed to dismantle DoubleVPN, while in December 2020, a VPN service called Safe-Inet was taken down by Europol and the FBI. Both VPNs provided services to cybercriminals to hide their identity online.

Details of the Operation

The joint action, spearheaded by German police in Hanover, took place on 17 January 2022. The law enforcement agencies that took part in the operation included Canada, the Netherlands, the Czech Republic, Hungary, France, Latvia, Ukraine, the United Kingdom, and the United States. 

According to Europol, around fifteen servers used by the service were seized, and its main site was also shut down.

Europol takes down VPN service VPNLab used by ransomware operators
The official website of VPNLab shows “This domain has been seized” message.

In a press release, Europol stated,

“The VPN provider service… was being used in support of serious criminal acts such as ransomware deployment and other cybercrime activities.”


The now-defunct VPN service was one of the most trusted services around. It was a top-rated service among cybercriminals who used it to “carry on committing their crimes without fear of detection by authorities,” Europol revealed. The VPN service was established in 2008.

Law enforcement authorities suspected the VPN service provider was involved in malicious activities after an investigation showed that threat actors were using it for nefarious purposes such as distributing malware to disrupt or infiltrate computer systems.

Other cases showed the service’s use in the setting up of infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware,Europol

Furthermore, VPNLab guaranteed full anonymity for services based on OpenVPN technology. It offered 2048-bit encryption for just $60 annually. Cybercriminals used it extensively as they were sure authorities wouldn’t be able to find out about their crimes as the VPN hid their real identity and location. The service’s servers were located in different countries to offer relative proximity to cybercriminals worldwide.

The actions that were part of this investigation make it clear that criminals have fewer and fewer ways to hide their tracks online. Every survey we conduct provides information for the following. The information we collect about potential victims will help us prevent many serious cyber-attacks and data breaches,

Europol’s European Cyber Crime Center’s head, Edvardas Šileris.

More VPN news on

Edward Snowden urges users to stop using ExpressVPN

Hackers dump login credentials of Fortinet VPN users in plain-text

This malware hides behind free VPN, pirated security software keys

Israeli firm Kape Technologies buys ExpressVPN raising privacy concerns

Hackers actively exploiting unfixed flaws in VPNs, Microsoft servers – CISA

Related Posts