Multinational Police Raid Seizes DoubleVPN ServersEuropol: Servers, Domains Supported Ransomware Attacks
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
The takedown effort was coordinated by Europol's European Cybercrime Center with assistance from Eurojust, an EU agency. It was conducted with help from authorities in the U.S., Canada, Germany, Italy, the U.K., Sweden, Bulgaria and Switzerland.
"Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threat," Europol says.
Neither Europol, the European police coordinating agency, nor any of the other participating law enforcement departments report any arrests being made in conjunction with the DoubleVPN takedown. The location of the seized servers was not made public.
"This criminal investigation concerns perpetrators who think they can remain anonymous while facilitating large-scale cybercrime operations," says Dutch Public Prosecutor Wieteke Koorn. "By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals."
DoubleVPN specializes in double encryption of data, also known as double VPN, Heimdal Security explains.
The Russian company allegedly tried to operate on both sides of the line dividing criminal and legal activity, law enforcement authorities say. A cached description the company posted on its site before it was taken down advertised DoubleVPN as "a VPN service you can trust. We help you to hide your real IP address and encrypt your internet traffic."
Europol notes, however, that the company also marketed itself on the darknet, offering similar services for threat groups.
"DoubleVPN was heavily advertised on both Russian- and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters," Europol says. "The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients."
Europol says DoubleVPN charged as little as $25 for a VPN connection and alleges that it was being used to compromise networks all around the world.
With dozens of entities being hit with ransomware in the last several months - including Colonial Pipeline Co., meat processor JBS and the city of Tulsa - fighting against ransomware attacks has become a top priority for President Joe Biden's administration.
Federal agencies have blamed a Russian-based group for the Colonial Pipeline attack, which led the company to temporarily shut down the 5,500-mile pipeline serving much of the East Coast, providing 45% of the region's fuel.
At a June 16 summit in Geneva, Bidencalled for Russian President Vladimir Putin to actively go after threat groups based in his country. Putin denied any attacks originated from his nation and instead said most come from the U.S. and South America.