FBI and European law enforcement shut down VPN used by ransomware groups

The action cuts off access to a useful cybercrime tool, the agencies say.

Laura Hautala Former Senior Writer

Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials

2022 Eddie Award for a single article in consumer technology

See full bio

Laura Hautala

Dec. 23, 2020 2:32 p.m. PT

2 min read

VPN for online security and privacy — An international law enforcement operation shut down a VPN that was allegedly popular with cybercriminals, the FBI and Europol said Tuesday.
James Martin/CNET

Law enforcement aimed to make it harder for criminal hackers to cover their tracks on Tuesday. Europol, joined by the FBI and law enforcement agencies from Germany, the Netherlands and France, said they shut down a service favored by ransomware groups and other cybercriminals for hiding their identities, a VPN called Safe-Inet.

The service, which hides its customers' IP addresses and offers a level of anonymity on the internet, was active for more than a decade, according to Europol. It was used by criminals who run ransomware campaigns and steal credit card numbers off retail websites, as well as other attacks like phishing campaigns and account takeovers. Law enforcement seized three website domains as well as servers in Germany, the US and three other countries.

"This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections," Europol said in its announcement.

The agencies didn't announce any arrests or charges against the VPN provider or any of its customers. However, taking down the VPN service is likely to make it harder for criminals who used it to continue their operations, at least for the moment.

Cybersecurity experts say this approach makes sense when it's not possible to catch cybercriminals or fully shut down their operations, and fits in with actions taken by major tech companies. For example, Microsoft seized a web domain used in the SolarWinds hacks to stop a massive malware campaign in December. To take on scammers targeting their users, Facebook sued a domain name registrar in March for helping fraudsters make their apps look like they were affiliated with Facebook.

How to avoid scams, phishing and other cybercrime

The owners of the Safe-Inet VPN offered something called "bullet-proof hosting," which the US Department of Justice said in a statement is "intentionally designed to provide web hosting or VPN services for criminal activity." Services that provide this type of hosting typically ignore complaints of abuse from victims of cybercrime, and don't keep logs of their customers' activities.

CNET VPN Coverage

VPN Use Cases

VPN Reviews - Our Top Picks

VPN Reviews - Other Services

Streaming with VPN

VPN Education

VPN Coupons