[BreachExchange] Domain, server of DoubleVPN used by ransomware gangs seized

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Jul 1 11:41:59 EDT 2021


https://www.hackread.com/doublevpn-domain-server-ransomware-gangs-seized/

A collaborative effort between European, Canadian, and US law enforcement
authorities has dealt a heavy blow to threat actors. According to a press
release from Europol, the authorities have seized the web domains, customer
logs, and server infrastructure of a double-encryption VPN service called
DoubleVPN.

Authorities say that threat actors used DoubleVPN to carry out malicious
activity without being detected. Europol described it in its press release
as a VPN (virtual private network) that shielded cybercriminals, letting them
target their victims with ease.

The Takedown

The joint operation was led by Politie (the Dutch National Police) under the
jurisdiction of Landelijk Parket (the National Public Prosecutor’s Office);
Europol and Eurojust coordinated the international authorities’ activities
in the framework of the European Multidisciplinary Platform Against Criminal
Threats (EMPACT).

Through these collective efforts, the DoubleVPN service, all of its hosted
content, and all of its web domains are now unavailable worldwide.
Authorities have also replaced the content of the VPN’s domains with a law
enforcement splash page that reads:

“On 29th June 2021, law enforcement took down DoubleVPN. Law enforcement
gained access to the servers of DoubleVPN and seized personal information,
logs, and statistics kept by DoubleVPN about all of its customers.
DoubleVPN’s owners failed to provide the services they promised.”

Europol added that the operation was conducted by the Netherlands’ Politie,
Germany’s BKA, the UK National Crime Agency, the FBI, the United States
Secret Service, the Royal Canadian Mounted Police, Eurojust, Switzerland’s
Polizia Cantonale, Europol, Bulgaria’s GDBOP, and the Swedish National
Police.

[Image: the message that the homepage of DoubleVPN’s domain shows right now
(Hackread.com)]

About DoubleVPN

The Russia-based VPN service was quite popular among English and
Russian-speaking cybercriminals. It provided a high level of anonymity to
threat actors by offering single/double/triple/quadruple VPN connections.

Its users could hide their identities and locations while running ransomware
operations and phishing campaigns and committing fraud. Traffic sent through
DoubleVPN was double-encrypted.

Cybercriminals also used the service while compromising networks worldwide.
Requests were encrypted and sent to one VPN server, which forwarded them to
a second VPN server before they were finally relayed to their destination.
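To make the two-hop model concrete, here is an added example (not code from the article, from Europol, or from DoubleVPN) that simulates the relay described above in plain Python. The cipher is a deliberately toy construction (HMAC-SHA256 keystream plus a tag), and the addresses, keys and payload are constructed sample values. The security-relevant point it shows is what each hop can see: the entry server knows the client but not the destination, the exit server knows the destination but not the client, and only someone holding both servers’ logs, as the investigators now do, can link the two.

```python
import hashlib
import hmac
import json
import os

# Constructed sample addresses for the two relay hops (not real infrastructure).
HOP1_ADDR = "10.0.0.1"
HOP2_ADDR = "10.0.0.2"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then strip one encryption layer."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def build_packet(k_hop1: bytes, k_hop2: bytes, dest: str, payload: str) -> bytes:
    """Client side: wrap dest+payload for hop 2, then wrap that blob plus hop 2's
    address for hop 1. Hop 1 never holds k_hop2, so it cannot read the inner layer."""
    inner = seal(k_hop2, json.dumps({"dest": dest, "payload": payload}).encode())
    return seal(k_hop1, json.dumps({"next": HOP2_ADDR, "inner": inner.hex()}).encode())


def hop1_process(k_hop1: bytes, client_addr: str, packet: bytes):
    """Entry server: peels the outer layer. Returns (its log record, bytes to forward)."""
    header = json.loads(unseal(k_hop1, packet))
    inner = bytes.fromhex(header["inner"])
    log = {"src": client_addr, "next": header["next"], "bytes": len(inner)}
    return log, inner


def hop2_process(k_hop2: bytes, prev_addr: str, inner: bytes):
    """Exit server: peels the inner layer and learns the real destination."""
    msg = json.loads(unseal(k_hop2, inner))
    log = {"src": prev_addr, "dest": msg["dest"], "bytes": len(inner)}
    return log, msg["payload"]


def simulate(client_addr: str, dest: str, payload: str):
    """Run one request through both hops; return both logs and the delivered payload."""
    k_hop1, k_hop2 = os.urandom(32), os.urandom(32)
    packet = build_packet(k_hop1, k_hop2, dest, payload)
    hop1_log, forwarded = hop1_process(k_hop1, client_addr, packet)
    hop2_log, delivered = hop2_process(k_hop2, HOP1_ADDR, forwarded)
    return hop1_log, hop2_log, delivered


def correlate(hop1_logs, hop2_logs):
    """Investigator's view once BOTH servers' logs are in hand: join entry and
    exit records on the forwarded size to link a client to a destination.
    Size is the only join key in this toy; real log analysis would also use time."""
    return [(a["src"], b["dest"]) for a in hop1_logs for b in hop2_logs
            if a["bytes"] == b["bytes"]]


if __name__ == "__main__":
    h1, h2, data = simulate("203.0.113.7", "example.invalid:443", "GET / HTTP/1.1")
    print("hop 1 sees:", h1)      # client address, next hop, no destination
    print("hop 2 sees:", h2)      # previous hop, destination, no client address
    print("linked:", correlate([h1], [h2]))
```

Neither hop alone can answer “who talked to whom”; that is the anonymity the service sold, and it is exactly why seizing the logs of every server in the chain, rather than a single one, matters. The size-based join in `correlate` is intentionally crude and will produce false matches when unrelated sessions carry equal-length payloads, which is why real investigations also rely on timestamps and account records.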

[Image: a cybercriminal praising DoubleVPN on a Russian hacker forum
(Hackread.com)]

Official Statement?

Europol’s press release states that the takedown took place on 29th June
2021 and that the authorities will continue to work against cybercriminals
and their facilitators.

“International law enforcement continues to work collectively against
facilitators of cybercrime, wherever and however it is committed. The
investigation regarding customer data of this network will continue,”
Europol revealed.