Criminal network service used for ransomware attacks taken down in international operation
A network service that provided ‘online anonymity’ to cybercriminals has been taken down in an international operation involving the National Crime Agency (NCA).
Fifteen server infrastructures across the globe were seized on Monday (January 17) during the operation led by German police, with NCA officers taking the UK node of the network offline.
The NCA said the LabVPN service was used by cybercriminals in the “preparatory stages of ransomware attacks that have caused significant economic harm to UK businesses”.
LabVPN was established in 2008 and enabled cybercriminals to control botnets and malware distribution.
It offered virtual private network (VPN) services on the Dark Web based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as 60 US dollars a year.
The NCA said it was “a popular choice for cybercriminals”, who could use its services to carry on committing their crimes without fear of detection by authorities.
It was also used to create criminal infrastructure and conduct communications behind ransomware campaigns, as well as the actual deployment of ransomware.
The NCA said the web domains have been replaced with a law enforcement splash page explaining that the network has been seized and is no longer available for use.
John Denley, deputy director of the NCA’s National Cyber Crime Unit, said: “Cybercriminals using LabVPN clearly thought they could operate with impunity, and remain under the radar of law enforcement.
“This operation shows they were wrong and that there is no hiding place from the combined power of global law enforcement when it comes to taking down illegal IT infrastructure. This included the NCA switching off servers which were being hosted in the UK.
“We continue to work closely with international partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cybercrime.”