An international team of investigators led by the Hanover Police Department has successfully cracked down on cybercriminals. In a globally coordinated action by 13 authorities, a total of 15 servers on which VPNLab.net’s service was hosted were confiscated or taken offline on January 17, according to media reports. According to authorities, VPNLab.net was a popular encryption service for cybercriminals, who used it to anonymously carry out ransomware attacks, among other things.
The VPNLab.net service is based on OpenVPN technology and uses 2048-bit encryption. The service was targeted because several investigations uncovered how criminals used VPNLab.net to distribute malware. According to the authorities, the service also played an important role in spreading ransomware and coordinating the communication behind the attacks.
According to media reports, the network was used to spread the “Ryuk” malware. The hackers used this malware to blackmail clinics, companies, administrations and universities. The service served the criminals for exchange and the establishment of organized structures. VPNLab.net was first targeted by the authorities in 2019 when the Hanover police and the Verden public prosecutor investigated a cyber attack on the Neustadt am Rübenberge city administration.
International structures require global coordination
As is often the case in cybercrime cases, the infrastructures and actors are spread across several countries around the world. This time the authorities were able to seize the servers in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the USA and Great Britain. This action shows how important the issue of ransomware has become to the authorities and how important a globally coordinated approach is.
“Unfortunately, the risk of a possible ransomware attack has only decreased slightly because many other hackers operate from countries where they and their infrastructure have little or no fear of prosecution,” explains Eric Waltert, Regional Vice President DACH at Veritas Technologies .
“As important and gratifying as the strike against VPNLab.net is, the most effective protection against ransomware, in addition to a strong security architecture, remains a functioning, resilient backup of all important data, regardless of where it is stored,” explains Waltert. “Because if you can reliably restore your information from a secure backup, you can’t be blackmailed by ransomware.”