Cyber Crime

Domain, server of DoubleVPN used by ransomware gangs seized

US, Canada, and European authorities took part in the operation which ended up seizing cybercriminals’ access to and infrastructure of DoubleVPN.

A collaborative effort between Europe, Canada, and US law enforcement authorities has served a big blow to threat actors. According to a press release from Europol, they have seized the web domains, customer logs, and server infrastructure of a double-encryption service called DoubleVPN.

SEE: Feds seize VPN service used by hackers in cyber attacks

Authorities claim that DoubleVPN was being used by threat actors to perform malicious activities without getting detected. This is a VPN (a virtual private network) that offered protection to cybercriminals, and they could conveniently target their victims, Europol said in its press release.

The Takedown

The joint operation was led by Politie (the Dutch National Police) under the jurisdiction of Landelijk Parket (National Public Prosecutor’s Office), Landelijk Parket, and Europol and Eurojust coordinated international authorities’ activities in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

Through their collective efforts, the DoubleVPN service has now become unavailable worldwide which means all its hosted content and all of its web domains. Authorities have also replaced content on the VPN’s domains with a law enforcement splash page that read:

“On 29th June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs, and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised.”

Moreover, the Europol explained that the operation was conducted by Netherland’s Politie, Germany’s BKA, the UK National Crime Agency, the FBI, the United States Secret Service, the Royal Canadian Mounted Police, Eurojust, Switzerland’s Polizia Cantonale, Europol, Bulgaria’s GDBOP, and the Swedish National Police.

The message that the homepage of DoubleVPN’s domain shows right now (Image:

About DoubleVPN

The Russia-based VPN service was quite popular among English and Russian-speaking cybercriminals. It provided a high level of anonymity to threat actors by offering single/double/triple/quadruple VPN connections.

Its users could hide their identities and locations, perform ransomware operations, phishing campaigns, and easily commit fraud. Using the service, they could double-encrypt the data sent via DoubleVPN.

In addition to it, by using the service, cybercriminals compromised networks worldwide. Through this service, requests were encrypted and transmitted to a VPN server, which sent it to another VPN server before finally connecting it to the final destination.

A cybercriminal praising DoubleVPN on a Russian hacker forum (Image:

Official Statement?

Europol’s press release revealed that the takedown occurred on 29th June 2021, and the authorities will continue to work against cybercriminals and their facilitators.

“International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue,” Europol revealed.

To Top

Pin It on Pinterest

Share This