The UK’s National Crime Agency participated in an international investigation that resulted in a shutdown of an encryption service used by cybercriminals to remain anonymous during illegal activities, known as LabVPN.
The operation was led by German police (the Hanover Police Department) and resulted in the seizure of 15 server infrastructures worldwide. The UK’s NCA participated by taking the UK server of the network offline, with the domains changed for the page “this domain has been seized.”
Established in 2008, LabVPN has been offering virtual private network (VPN) services on the dark web for just $60 per year.
“This service has been used by cyber-criminals in the preparatory stages of ransomware attacks that have caused significant economic harm to UK businesses,” the official statement by the NCA says.
By using LabVPN, malicious actors didn’t have to worry about staying anonymous while conducting criminal activity online. Additionally, the service facilitated communication between ransomware group members – specifically about ransomware campaigns – and the creation of criminal structures used to deploy ransomware.
According to John Denley, Deputy Director of the NCA’s National Cyber Crime Unit, threat actors who opted for LabVPN were convinced they would evade capture but were proven wrong.
“This operation shows they were wrong and that there is no hiding place from the combined power of global law enforcement when it comes to taking down illegal IT infrastructure. This included the NCA switching off servers which were being hosted in the UK,” Denley is quoted in the statement.
The existing cooperation is ongoing, with Denley suggesting that the NCA will continue to work with their global partners.
“We continue to work closely with international partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cyber crime.”
