Cybercrime , Encryption & Key Management , Fraud Management & Cybercrime

Multinational Police Raid Seizes DoubleVPN Servers

Europol: Servers, Domains Supported Ransomware Attacks
Multinational Police Raid Seizes DoubleVPN Servers
A Europol takeover image now appears on www.doublevpn.com's homepage.

In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.

See Also: Top 50 Security Threats

The takedown effort was coordinated by Europol's European Cybercrime Center with assistance from Eurojust, an EU agency. It was conducted with help from authorities in the U.S., Canada, Germany, Italy, the U.K., Sweden, Bulgaria and Switzerland.

"Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threat," Europol says.

Neither Europol, the European police coordinating agency, nor any of the other participating law enforcement departments report any arrests being made in conjunction with the DoubleVPN takedown. The location of the seized servers was not made public.

"This criminal investigation concerns perpetrators who think they can remain anonymous while facilitating large-scale cybercrime operations," says Dutch Public Prosecutor Wieteke Koorn. "By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals."

DoubleVPN

DoubleVPN specializes in double encryption of data, also known as double VPN, Heimdal Security explains.

The Russian company allegedly tried to operate on both sides of the line dividing criminal and legal activity, law enforcement authorities say. A cached description the company posted on its site before it was taken down advertised DoubleVPN as "a VPN service you can trust. We help you to hide your real IP address and encrypt your internet traffic."

Europol notes, however, that the company also marketed itself on the darknet, offering similar services for threat groups.

"DoubleVPN was heavily advertised on both Russian- and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters," Europol says. "The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients."

Europol says DoubleVPN charged as little as $25 for a VPN connection and alleges that it was being used to compromise networks all around the world.

Ransomware Scourge

With dozens of entities being hit with ransomware in the last several months - including Colonial Pipeline Co., meat processor JBS and the city of Tulsa - fighting against ransomware attacks has become a top priority for President Joe Biden's administration.

Federal agencies have blamed a Russian-based group for the Colonial Pipeline attack, which led the company to temporarily shut down the 5,500-mile pipeline serving much of the East Coast, providing 45% of the region's fuel.

At a June 16 summit in Geneva, Bidencalled for Russian President Vladimir Putin to actively go after threat groups based in his country. Putin denied any attacks originated from his nation and instead said most come from the U.S. and South America.


About the Author

Doug Olenick

Doug Olenick

News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to joining ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.