Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Global Authorities Dismantle Criminal VPN Used by Ransomware

Global Authorities Dismantle Criminal VPN Used by Ransomware

Posted on May 22, 2026 By CWS

Authorities from Europe and North America have successfully dismantled a virtual private network (VPN) service utilized by cybercriminals to mask their involvement in ransomware attacks, data breaches, and other cyber offenses. The operation, targeting the illicit First VPN Service, was spearheaded by France and the Netherlands, with participation from numerous countries since December 2021.

International Collaboration in Cybercrime Crackdown

The concerted international effort involved nations such as Luxembourg, Romania, Switzerland, the U.K., and the U.S., among others. Europol reported that First VPN was specifically marketed to criminal entities, offering anonymous transactions and an infrastructure designed to conceal identities during illegal activities, including ransomware deployment and large-scale fraud.

Promoted on Russian cybercrime forums like Exploit[.]in and XSS[.]is, First VPN was a tool for criminals to evade law enforcement. The synchronized operation, occurring on May 19 and 20, included the interrogation of the service’s administrator, a raid in Ukraine, and the deactivation of 33 servers involved in global cybercrime support.

Details of the VPN’s Operations and Seizure

The dismantled VPN’s domains included 1vpns[.]com and related onion sites on the Tor network. Eurojust highlighted that First VPN’s promotional materials promised anonymity and non-cooperation with judicial authorities, claiming no data logging practices. According to the FBI, the VPN had operated since 2014, with 32 exit servers across 27 countries, including the U.S.

Other servers spanned regions such as Australia, Canada, and Russia. Up to 25 ransomware groups, including Avaddon, reportedly leveraged this infrastructure for network infiltration. Subscription costs ranged from $2 for a day to $483 annually, with payments accepted via cryptocurrency and other digital means.

Technical Features and Future Implications

First VPN provided various connection protocols like OpenConnect and WireGuard, along with encryption options such as OpenVPN ECC. Technical support was available through encrypted platforms like a Jabber server and Telegram. The VPN’s ‘VLESS’ and ‘Reality’ protocols allowed internet traffic to mimic HTTPS connections, further obscuring activities.

Internet Archive snapshots revealed First VPN’s claims of offering anonymity and stability, asserting the lack of log storage that could link users to activities. Despite its FAQ prohibiting illicit server use, the VPN’s infrastructure facilitated numerous cybercrimes. This international action underscores the importance of collaboration in combating cyber threats and emphasizes the ongoing need for vigilance in internet security.

As the digital landscape evolves, law enforcement agencies worldwide continue to enhance strategies to dismantle networks supporting cybercrime, ensuring greater protection for global internet users.

The Hacker News Tags:criminal network, cyber attacks, cyber threat, Cybercrime, Cybersecurity, data protection, Europol, FBI, First VPN, global takedown, international operation, internet security, law enforcement, Ransomware, VPN

Post navigation

Previous Post: CISA Highlights Critical Langflow Security Vulnerability
Next Post: Ubiquiti Releases Critical Updates for UniFi OS Vulnerabilities

Related Posts

AI Extensions: The Emerging Security Threat in Browsers AI Extensions: The Emerging Security Threat in Browsers The Hacker News
Vercel Data Breach Linked to Context AI Compromise Vercel Data Breach Linked to Context AI Compromise The Hacker News
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps The Hacker News
Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass The Hacker News
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks The Hacker News
Over 900 FreePBX Systems Infected in Web Shell Attacks Over 900 FreePBX Systems Infected in Web Shell Attacks The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark