Yet another VPN used by threat actors shut down – this time by Europol


Share on facebook
Share on twitter
Share on linkedin

Technologies like VPN are now susceptible to be used by cyber actors to deploy ransomware and facilitate cybercrimes. Recently, a VPN provider called was taken offline for being used by malicious hackers to install ransomware into its clients.

Swift action was taken by Europol, grounding 15 of its servers on January 17 over Germany, the Czech, Ukraine, U.K., Hungary, the Netherlands, Canada, Latvia, France, and the U.S rendering its services inoperable.

The tool provides advanced anonymity for its clients through its double VPN connections, where traffic is routed through two VPN servers situated in two different countries instead of one – for a price of only $60/year.

Europol didn’t disclose the names of the companies affected but the seizure of the tool resulted in the identification of at least 100 businesses being at the risk of impending cyberattacks.

Europol Image

Europol stated in press conference that “provided a platform for the anonymous commission of high value cybercrime cases, and was involved in several major international cyberattacks”, making it an admirable alternative for cybercriminals who could eventuate crimes without fear of detection by local authorities.

The tool caught the glance of the law enforcement once its infrastructure began to be widely used to disseminate malware, as the investigators extracted evidence of the service advertised on the dark web.

Ukraine’s Cyber Police said the VPN service was identified as being utilised in no less than 150 ransomware cases, with a total cost bill of €60 million in payments.

This take-down follows the shutdown of bulletproof VPN service Safe-Inet in December 2020, and the previous takedown of DoubleVPN in June 2021.

The shutdown of is the most recent effort exerted by the authorities to hone in on VPN providers that have links to crime syndicates and groups.

Edvardas Sileris, the head of Europol’s European Cybercrime Centre (EC3), declared that “the actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online.”

He further added, “Each investigation we undertake informs the next, and the information gained on potential victims means we may have pre-empted several serious cyberattacks and data breaches.”

For those who use VPN for legitimate purposes, it is important to ensure that the VPN has a good reputation and can stand up to scrutiny in this regard. Credibility is important to assess, and can be done by looking at reviews, consumer review websites and exploring forums to see what sort of reputation a provider has.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.