Law Enforcement Agencies Shut Down VPN Service Used by Ransomware Groups

An international coalition of law enforcement agencies announced Thursday that they took down a popular virtual private network service used by cybercriminals and arrested its administrator. The FBI said in an alert that First VPN was so popular that at least 25 ransomware gangs used the service to hide their malicious activity.

Cybercriminals also relied on the VPN to scan the internet, run botnets, launch distributed denial-of-service attacks, and for running scams. First VPN operated servers across 27 different countries, according to the bureau. Europol said in an announcement that, apart from offering anonymous connections, First VPN offered cybercriminals anonymous payments, hidden infrastructure, and other services specifically marketed for criminal hackers.

"First VPN had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years," read the announcement. " The service advertised on known cybercrime forums, including at least two Russian-speaking marketplaces, promising criminals protection against being identified.

Investigators said they obtained the service's user database and identified VPN connections, which exposed thousands of users linked to the cybercrime ecosystem. The international law enforcement agency also said First VPN's administrator was arrested, dozens of servers dismantled, and its infrastructure was disrupted.

The investigation was launched in December 2021.