Police seize First VPN service used in ransomware and data theft attacks

A digital personal community service referred to as “First VPN” utilized in ransomware and information theft assaults has been taken offline by a joint worldwide regulation enforcement operation.

Authorities seized dozens of First VPN servers in 27 international locations, arrested directors, and performed raids in Ukraine.

The VPN service was promoted on numerous cybercrime boards as a privacy-focused VPN that doesn’t log person information and ignores requests for person info by regulation enforcement.

VPN instruments encrypt your visitors and conceal your actual IP deal with. They’re used legally on public WiFi to guard privateness, evade censorship, cut back monitoring, and allow safe distant work, however menace actors additionally use them to cover location info and infrastructure.

Relying on the areas wherein your VPN supplier operates, they could be legally required handy over the info they maintain for prison investigations on the request of regulation enforcement authorities.

Europol says the service has been named in nearly each main cybercrime investigation it helps. Europol says the First VPN title has been shut down.

An investigation into the service started in December 2021 and was led by French and Dutch authorities, who shaped a joint investigation crew in November 2023.

At one level, investigators infiltrated the VPN infrastructure earlier than it was taken offline, collected person databases, and recognized the VPN connections that cybercriminals used of their assaults.

In an official communication video within the type of a cartoon, Europol emphasizes that info usually nonetheless resides on its servers, even when menace actors promise to delete the info.

“An operational job power was established at Europol, bringing collectively investigators from 16 international locations to research the seized information and coordinate info sharing with worldwide companions,” Eurojust stated.

A coordinated worldwide operation performed between Could nineteenth and twentieth focused the First VPN service and took the next actions:

• 33 servers associated to “First VPN” seized
• Seizure of 1vpns.com, 1vpns.web, 1vpns.org, and associated onion domains
• Disruption of key infrastructure supporting the Service;
• Identification and interrogation of Ukrainian suspect
• Notifications issued to particular customers of the platform

A Dutch police press launch confirms that each one customers of First VPN have been recognized and instantly notified, however doesn’t point out particular numbers and it’s unclear whether or not there are any subsequent plans to take authorized motion in opposition to them.

A Europol assertion stated info on 506 customers and 83 “info packages” supporting ongoing or future investigations had been shared internationally.

“The data collected has uncovered hundreds of customers concerned within the cybercrime ecosystem and generated operational leads associated to ransomware assaults, fraud schemes, and different severe crimes all over the world,” Europol stated.