First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

Authorities in Europe and North America dismantled First VPN, a criminal service used by 25+ ransomware groups, seizing 33 servers and taking down associated domains.


What’s new: Authorities in Europe and North America have dismantled the First VPN Service, a criminal VPN used by at least 25 ransomware groups to obscure their activities. The operation, led by France and the Netherlands, involved multiple countries and resulted in the seizure of 33 servers and the takedown of associated domains. The VPN had been operational since 2014 and facilitated anonymous payments for criminal activities.

Who’s affected

Organizations and individuals targeted by ransomware groups utilizing the First VPN Service are affected. Notable ransomware groups, including Avaddon, have leveraged this VPN for network reconnaissance and attacks.

What to do

  • Review your organization’s cybersecurity posture and ensure robust incident response plans are in place.
  • Monitor for any unusual activity that may indicate a ransomware attack.
  • Educate employees on recognizing phishing attempts and other social engineering tactics commonly used in ransomware attacks.
