Police and international cybercrime agencies have shut down a VPN service called “First VPN” that was allegedly being used by ransomware groups and cybercriminals. Authorities said the service helped attackers hide their identities during online crimes. The operation involved several countries working together to track and seize the VPN’s infrastructure. Officials believe the platform was connected to multiple cybercrime activities.

According to investigators, “First VPN” was promoted mainly on Russian-speaking cybercrime forums. The service advertised itself as a privacy-focused VPN that did not keep user logs or cooperate with law enforcement agencies. These claims reportedly attracted ransomware gangs and data thieves looking for anonymity online. Authorities said the platform became popular among criminals involved in cyberattacks and fraud operations.

The international operation was coordinated with the support of Europol and law enforcement agencies from different countries. Reports stated that dozens of servers connected to the VPN service were seized across 27 countries. Authorities also confirmed that a suspected administrator linked to the operation was arrested. A house search was reportedly carried out in Ukraine during the investigation.

Officials revealed that the investigation first started in December 2021 and later expanded in 2023. French and Dutch authorities formed a joint investigation team to continue tracking the VPN network and its users. Over time, investigators reportedly gained access to parts of the VPN infrastructure. This helped them gather information before the final shutdown operation took place.

Investigators said they secretly monitored sections of the VPN service during the investigation. This reportedly allowed authorities to collect traffic information linked to criminal activity. Law enforcement agencies believe the gathered data could help identify people connected to ransomware attacks and fraud operations. Officials stated that the operation created important leads for ongoing cybercrime investigations.

Europol said information related to hundreds of users was shared with international partners for further investigation. Authorities believe the collected evidence may help connect suspects to ransomware gangs and stolen-data operations. Cybersecurity experts say this operation is significant because it targeted infrastructure instead of only individual hackers. By shutting down services used by criminals, investigators can disrupt several cybercrime operations at once.

The case also highlights that services promising complete anonymity may still be vulnerable to law enforcement investigations. Authorities stated that many criminals believed the VPN would fully protect them from being identified online. However, investigators were reportedly able to infiltrate parts of the service and monitor activity linked to cybercrime. Experts say this sends a strong message to criminals relying on similar platforms.

This is not the first time authorities have targeted VPN services connected to cybercrime activities. Similar operations have taken place in recent years against platforms allegedly used by ransomware groups and online fraud networks. Officials confirmed that the domains connected to “First VPN” have now been seized and replaced with law enforcement notices. Investigations are still ongoing, and authorities say more actions could follow in the future.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news