LabVPN takedown: NCA takes UK server of criminal network offline

An international investigation involving the National Crime Agency has led to the takedown of LabVPN – a service used by cyber-criminals to facilitate their illicit activities.

The activity, led by the Hanover Police Department in Germany, saw the seizure of 15 server infrastructures across the globe yesterday (17 January), with NCA officers taking the UK node of the network offline.

This service has been used by cyber-criminals in the preparatory stages of ransomware attacks that have caused significant economic harm to UK businesses.  

Web domains were replaced with a law enforcement splash page explaining that the network has been seized and is no longer available for use.

LabVPN, which was established in 2008, enabled cyber-criminals to control botnets and malware distribution. It offered virtual private network (VPN) services on the Dark Web based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as $60 per year. It was a popular choice for cybercriminals, who could use its services to carry on committing their crimes without fear of detection by authorities.

It was also used to create criminal infrastructure and conduct communications behind ransomware campaigns, as well as the actual deployment of ransomware.

John Denley, Deputy Director of the NCA’s National Cyber Crime Unit, said:

“Cybercriminals using LabVPN clearly thought they could operate with impunity, and remain under the radar of law enforcement.

“This operation shows they were wrong and that there is no hiding place from the combined power of  global law enforcement when it comes to taking down illegal IT infrastructure. This included the NCA switching off servers which were being hosted in the UK.

“We continue to work closely with international partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cyber crime.”