International law enforcement take down DoubleVPN service allegedly used by ransomware gangs
By Brian Fung, CNN
A group of international law enforcement agencies have taken down DoubleVPN, a virtual private networking service allegedly used by ransomware gangs to hide their online tracks, in a coordinated operation aimed at disrupting cyber criminals.
The VPN service was shut down on Tuesday as officials from the US, Canada, and several European countries seized servers and websites around the world belonging to DoubleVPN, according to Europol, the European law enforcement coordinating agency. Visitors to the company’s website are now greeted by a government takedown notice.
“Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” the notice reads, adding that officials intend to use the data to continue their investigation.
“Today’s announcement sends a strong message to the criminals using such services: the golden age of criminal VPNs is over,” said Edvardas Šileris, head of the European Cybercrime Center.
The coordinated action follows public commitments by the Biden administration to build an international coalition against ransomware and cybercrime, amid a flurry of ransomware attacks on companies considered critical to US supply chains including Colonial Pipeline and JBS Foods. Ransomware attacks have also had devastating impacts globally, disrupting hospitals in Ireland and a news organization in Germany.
DoubleVPN advertised itself as a privacy-protecting tool that customers could use — for as little as $25 a month — to obscure their true location and encrypt their internet traffic. VPNs work by routing user traffic through third-party servers that make it appear as if the customer is located somewhere else. DoubleVPN’s more advanced plans offered to route internet traffic through multiple VPNs for added privacy.
That capability allowed online criminals to use DoubleVPN as a safe haven from which they could launch malicious cyberattacks, Europol said in a statement.
“DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums,” the statement said, “as a means to mask the location and identities of ransomware operators and phishing fraudsters.”
The group of agencies coordinated for months leading up to the takedown, Europol said, beginning last October.
The FBI and US Secret Service, which participated in the operation, according to Europol, didn’t immediately respond to requests for comment.
The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.