Europol has taken down a VPN service it says was used to spread the Ryuk ransomware. This VPN service was advertised on the Dark Web and streamed traffic through two VPN servers. Europol is pointing the finger at DoubleVPN, which was also advertised on the Dark Web. This is a troubling development, but there are some ways to avoid being victimized by malware.
Europol shuts down VPN service VPNLab
Europol has shut down the VPN service VPNLab, which reportedly enabled the anonymous commission of high-value cybercrime. This included several high-profile attacks on businesses. With the halting of VPNLab’s operation, nearly 100 businesses are at risk. The Europol investigation will use the information collected during the bust to help authorities prevent more cyber attacks. The Europol shutdown follows the dismantling of the REvil ransomware gang in Russia.
In a joint effort with law enforcement authorities from ten countries, Europol has shut down the VPN service VPNLab. This comes as a shock to the internet community, which has been increasingly concerned about the proliferation of cybercrime. VPN services are frequently used by both law-abiding citizens and cyber criminals. In the end, what matters is whether a service or communications provider encourages or facilitates illegal activities.
It was used to spread Ryuk ransomware
The ransomware has spread across the internet through a variety of means. It uses the Emotet, TrickBot, and ZLoader programs to spread through networks. Ryuk encrypts files using Microsoft’s CryptoAPI, and the file encryption key is wrapped with a unique RSA public key. Files encrypted by Ryuk have the extension .RYK.
Ryuk has an impressive array of capabilities. The software is capable of encrypting files, both large and small, and holding them for ransom. The ransom demands are variable and depend on the value and size of the company attacked. Among the largest victims of Ryuk ransomware were two Florida cities and over 250 hospitals in the United States. BleepingComputer reported that the infection point was most likely a phishing email. The attackers then sent follow-up emails explaining how much Bitcoin was required to unfreeze the system.
After infection, Ryuk downloads additional malware elements, including ZLoader and BazarBackdoor, which communicate with the command and control network. Once this malware has infected a computer, it can also spread through an external hard drive. External hard drives should be physically disconnected from the main device because they can become infected with Ryuk. Anti-malware tools can block the Ryuk process and provide rollback technology.
It was advertised on the Dark Web
Europol and law enforcement agencies from ten countries have shut down the VPN service VPNLab after it was linked to cybercrime. The service, which has been operating on the Dark Web since 2008, advertised security and encryption of original traffic. Users could pay $60 per year and use a number of payment methods. Cybercriminals were using the service to conduct online activities without being caught. It was a favorite among these criminals, who hoped to use it to hide their tracks.
According to reports, more than 100 businesses could be at risk from cyberattacks. Law enforcement agencies are working with these potential victims to minimize their exposure. Currently, law enforcement is targeting VPN services because of the widespread use of these services by cybercriminals. Several law enforcement agencies, including Europol, have warned that these services could help criminals carry out cyberattacks and evade the law. Moreover, some cybercriminals have turned to a VPN service to hide their identity from the authorities.
It was used to stream traffic through two VPN servers
In June 2021, Dutch police shut down a VPN service called DoubleVPN, which was used by cybercriminals to stream traffic through two VPN servers. In addition to 15 servers being taken offline, law enforcement also seized the domain name. However, no arrests have been made, and the intent is not to shut down VPN services, per se. Instead, international law enforcement will join forces to take down a global network and destroy brands that facilitate the work of criminals.
The benefits of using a double VPN are many, but the main advantage is anonymity protection. The first VPN server that intercepts your traffic will only see your connection request and its destination IP address. The second server, which has no knowledge of your original IP address, will receive your traffic and encrypt it before forwarding it to the next server. This way, no one can track you or see where you are going online. The traffic is encrypted a second time, so it is harder to decrypt.
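
The two-server path described above can be modelled to show what each server is able to observe. This is an added example, not code from the article or from any VPN product. It assumes a nested-tunnel design in which the client applies both layers, and the toy cipher, keys and RFC 5737 addresses are constructed for illustration.

```python
import hashlib
import json

# Constructed addresses from the RFC 5737 documentation ranges.
CLIENT, SERVER1, SERVER2, DEST = "198.51.100.7", "203.0.113.10", "203.0.113.20", "192.0.2.80"

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Illustration only, not a real VPN cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(key: bytes, next_hop: str, payload: bytes) -> bytes:
    """Encrypt a payload together with the address it must be forwarded to."""
    return toy_cipher(key, json.dumps({"next": next_hop, "data": payload.hex()}).encode())

def unwrap(key: bytes, blob: bytes):
    """Remove one layer: returns (next hop, inner payload)."""
    msg = json.loads(toy_cipher(key, blob))
    return msg["next"], bytes.fromhex(msg["data"])

def double_vpn(request: bytes, k1: bytes, k2: bytes):
    """Return what each server can observe for one request."""
    # Client (assumed design): inner layer for server 2, outer layer for server 1.
    packet = wrap(k1, SERVER2, wrap(k2, DEST, request))
    # Server 1 sees the client's address, but only ciphertext and the next hop.
    hop1, inner = unwrap(k1, packet)
    view1 = {"source": CLIENT, "next_hop": hop1, "reads_request": request in inner}
    # Server 2 sees server 1 as the source, plus the destination and the request.
    hop2, plain = unwrap(k2, inner)
    view2 = {"source": SERVER1, "next_hop": hop2, "reads_request": plain == request}
    return view1, view2

if __name__ == "__main__":
    for view in double_vpn(b"GET /index.html", b"key-for-server-1", b"key-for-server-2"):
        print(view)
```

In this model, records from either server alone do not link a client address to a destination; linking them requires the records of both.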