International Operation Seizes First VPN Service Used by Ransomware Groups
The Boston FBI division helped dismantle a VPN service used by ransomware groups. The takedown followed years of collaboration with European and other partners.
The Boston GlobeThe FBI’s Boston division participated in the international seizure of First VPN Service, a virtual private network provider that aided at least 25 ransomware groups, including Avaddon Ransomware, in network reconnaissance and intrusions. The service operated from about 2014 and allowed users to route traffic through servers in an estimated 27 countries, three of which were located in California, Florida, and New York.
It was used for scanning activity, botnets, denial-of-service attacks, scams, and hacking, and primarily advertised in known criminal dark web forums.
Operation Riptide was led by cybercrime units from France’s National Directorate of the Judicial Police and the Dutch National Police. Authorities in Ukraine, the United Kingdom, Switzerland, and Luxembourg also assisted. The Boston division and the FBI’s national Cyber Division collaborated with foreign partners on the effort since 2021, providing technical assistance and information sharing.
Last year, Americans reported over $20 billion in losses to cybercrime, a 26 percent single-year increase, the FBI said. Ted E. Docks, special agent in charge of the Boston division, said the operation dealt a significant blow to a business that serviced, shielded, and catered to cybercriminals.
“Disruptions like this one matter because it’s not just removing a service, it’s imposing risk and consequences on cyber criminals by injecting uncertainty, increasing their operational costs, and forcing them to operate under a constant fear that their next connection or transaction could be compromised by law enforcement,” Docks said.
” He stated the goal is to make cybercrime harder, riskier, and far less profitable. Visitors to First VPN Service’s website now see a seizure banner stating that the site has been seized by law enforcement.
The service was also used by prominent Russian-language online forums that provide marketplaces for cybercriminals to buy and sell unauthorized access to computer systems, stolen personal identifying information, hacking tools, and contraband.
