Law enforcement shutdown the VPN service VPNLab

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs

Pierluigi Paganini January 18, 2022

Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem.

An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that is very popular in the cybercrime ecosystem.

“This week, law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net. The VPN provider’s service, which aimed to offer shielded communications and internet access, were being used in support of serious criminal acts such as ransomware deployment and other cybercrime activities.” reads the announcement published by the Europol that coordinated the operation.

The operation saw in Germany, the Czech Republic, France, Latvia, Hungary, Ukraine, the UK, the US, and Canada took part in the operation.

The authorities seized 15 VPNLab.net servers across 10 countries. VPNLab was launched in 2008 and was offering online anonymity to criminal organizations. Its technology was based on OpenVPN and adopted 2048-bit encryption, the price for the subscription was very low, just $60/year.

VPNLab operators were advertising their platform on several hacking forums and dark web forums. The service was used by ransomware gangs for their operations.

The investigation started after an attack carried out by Ryuk ransomware operators hit a German city in August 2019, and according to law enforcement threat actors used VPNLab domain.

The authorities have obtained customer data stored on seized servers and confirmed that the investigation is still ongoing.

“Law enforcement took interest in the provider after multiple investigations uncovered criminals using the VPNLab.net service to facilitate illicit activities such as malware distribution. Other cases showed the service’s use in the setting up of infrastructure and communications behind ransomware campaigns, as well as the actual deployment of ransomware. At the same time, investigators found the service advertised on the dark web itself.” continues the EUROPOL.

“As a result of the investigation, more than one hundred businesses have been identified as at risk of cyberattacks. Law enforcement is working directly with these potential victims to mitigate their exposure.” Europol said.

Recently other VPN services were targeted by operations from law enforcement in recent years. In December 2020, a joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, VPNLab)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 10, 2025

Qantas data breach impacted 5.7 million individuals

Pierluigi Paganini July 10, 2025