Law enforcement shuts down VPN service used by two dozen ransomware gangs
Source: TechCrunch
Operation Overview
An international coalition of law‑enforcement agencies announced Thursday that they took down a popular virtual private network (VPN) service used by cybercriminals and arrested its administrator.
The FBI said in an alert that First VPN was so popular that “at least” 25 ransomware gangs used the service to hide their malicious activity. Cybercriminals also relied on the VPN to scan the internet, run botnets, launch distributed denial‑of‑service (DDoS) attacks, and conduct scams. First VPN operated servers across 27 different countries, according to the bureau.
Europol stated in an announcement that, apart from offering anonymous connections, First VPN provided cybercriminals with anonymous payments, hidden infrastructure, and other services specifically marketed for criminal hackers.
“First VPN had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years,” the announcement read. “Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large‑scale fraud, data theft, and other serious offences.”
The service was advertised on known cybercrime forums, including at least two Russian‑speaking marketplaces, promising criminals protection against identification.
Claims Made by First VPN
“We are for anonymity. We do not store any logs that would allow us or third parties to link an IP address in a specific period of time with a user of our service,” First VPN said in a post that TechCrunch has seen. “The only data we store is e‑mail and username, but it is impossible to link a user’s online activity with a specific user of our service.”
Law‑Enforcement Action
Europol reported that First VPN users were notified of the shutdown and “informed that they have been identified.” Investigators obtained the service’s user database and identified VPN connections, which “exposed thousands of users linked to the cybercrime ecosystem.”
The agencies behind the international law‑enforcement effort also said that First VPN’s administrator was arrested, dozens of servers were dismantled, and the infrastructure was disrupted, the result of an investigation launched in December 2021.