Police seize “First VPN” service used in ransomware, data theft attacks

A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation.

Authorities have seized dozens of First VPN servers located in 27 countries, arrested the administrator, and conducted a house search in Ukraine.

The VPN service was advertised on various cybercrime forums as a privacy-focused VPN that does not log user data and ignores law enforcement requests for user information.

VPN tools encrypt users’ traffic and hide their real IP addresses. While they are used legitimately to protect privacy on public WiFi, bypass censorship, reduce tracking, and enable secure remote work, threat actors also rely on them to hide their location and infrastructure.

Depending on the region they operate in, VPN providers may be legally required to comply with law enforcement requests and hand over any data they retain for criminal investigations.

Police seize “First VPN” service used in ransomware, data theft attacks

Other newsrooms on this story

Related reading

'First VPN' Cybercrime Service Disrupted, Administrator Arrested

Law enforcement shuts down VPN service used by two dozen ransomware gangs |…

Europol's Operation Saffron takes down First VPN service over ransomware…

First VPN : qu’est-ce que ce service prisé des cybercriminels et démantelé au…

Police target Ukrainians and Russian in ransomware probe

Police act against 130 locals for possessing VPNs on mobile phones in Kashmir