On Monday, law enforcement agencies in 10 nations, including the FBI in the United States, shut down a 15-server VPN service used to anonymize ransomware attacks.
VPNLab[.]net allegedly provided cover for at least 150 ransomware attacks, according to Ukrainian law enforcement, netting approximately 60 million euros in ransom. The service was headquartered in Germany, where the Hannover police led the investigation.
"One important aspect of this action is also to show that, if service providers support illegal action and do not provide any information on legal requests from law enforcement authorities, that these services are not bulletproof," said Hannover Chief of Police Volker Kluwe, in a statement.
Europol described the service as "a popular choice for cybercriminals."
The nations involved in the takedown included Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States and the United Kingdom. Europol and Eurojust provided additional support, including hosting more than 60 coordination meetings.
Ransomware is a complex economy, where several enterprises utilize several different suppliers, with the ability to shift from one to another. Experts note that law enforcement needs to target the high-profile ransomware brands, the lower profile affiliates, as well as the services they use (including VPNs).
In September, the United States sanctioned a cryptocurrency exchange popular with ransomware actors.
The VPNLab action follows Russian law enforcement arrested 14 members of the REvil ransomware gang last week, a major breakthrough in police targeting ransomware manufacturers.