In a coordinated operation aimed at disrupting cyber criminals, a group of international law enforcement agencies took down DoubleVPN, a virtual private networking service allegedly used by ransomware gangs to hide their online tracks.
According to Europol, the European law enforcement coordinating agency, officials from the United States, Canada, and several European countries seized servers and websites belonging to DoubleVPN around the world on Tuesday. A government takedown notice now greets visitors to the company’s website.
“Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” the notice reads, adding that officials intend to use the data to continue their investigation.
“Today’s announcement sends a strong message to the criminals using such services: the golden age of criminal VPNs is over,” said Edvardas Šileris, head of the European Cybercrime Center.
The coordinated action comes after the Biden administration made public commitments to form an international coalition to combat ransomware and cybercrime, following a rash of ransomware attacks on companies critical to US supply chains, such as Colonial Pipeline and JBS Foods. Ransomware attacks have wreaked havoc around the world, causing hospitals in Ireland and a news organization in Germany to shut down.
DoubleVPN advertised itself as a privacy-protecting tool that customers could use to hide their true location and encrypt their internet traffic for as little as $25 per month.
VPNs work by routing user traffic through third-party servers, giving the impression that the user is in another location. For added privacy, DoubleVPN’s more advanced plans allowed users to route internet traffic through multiple VPNs.
According to Europol, this capability allowed online criminals to use DoubleVPN as a safe haven from which to launch malicious cyberattacks.
“DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums,” the statement said, “as a means to mask the location and identities of ransomware operators and phishing fraudsters.”
According to Europol, the group of agencies coordinated for months before the takedown, beginning in October last year.
According to Europol, the FBI and US Secret Service were involved in the operation; neither agency immediately responded to requests for comment.