Close Menu
    What's Hot

    LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

    The US Economy Cannot Grow Without Renewables by Daniel Driscoll

    ‘Intolerable whiff of racism’: Spanish soccer’s never-ending problem – Live Updates

    Facebook X (Twitter) Instagram
    Trending
    • LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
    • The US Economy Cannot Grow Without Renewables by Daniel Driscoll
    • ‘Intolerable whiff of racism’: Spanish soccer’s never-ending problem – Live Updates
    • Justices Tell Congress Supreme Court Needs Millions More for Security
    • Soccer nut Viktor Orbán has World Cup thoughts – Live Updates
    • Israel and Lebanon Meet to Advance Peace Talks, as Broader Truce Unravels
    • India Condemns Deadly Iranian Strike on Commercial Ship
    • DeepSeek reportedly in talks to raise $1.5B, then IPO
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

    adminBy adminMay 22, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
    Share
    Facebook Twitter LinkedIn Pinterest Email

    First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

    Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks.

    The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation since December 2021, including Luxembourg, Romania, Switzerland, Ukraine, the U.K., Canada, Germany, the U.S., Spain, Sweden, Denmark, Estonia, Latvia, Lithuania, Poland, and Portugal.

    First VPN, per Europol, offered services designed specifically for criminal use, allowing anonymous payments and a hidden infrastructure that enabled paying customers to hide their identities when carrying out ransomware attacks, large-scale fraud, and data theft. It was promoted on Russian-speaking cybercrime forums such as Exploit[.]in and XSS[.]is as a tool to evade law enforcement.

    The international operation took place between May 19 and 20, during which authorities took a series of concurrent actions that involved interviewing the service’s administrator, conducting a house search in Ukraine, taking down 33 servers, and seizing infrastructure used to support cybercriminal activity globally.

    Cybersecurity

    The names of confiscated domains are listed below –

    • 1vpns[.]com
    • 1vpns[.]net
    • 1vpns[.]org
    • Related onion domains operating on the Tor network

    “First VPN’s website promoted itself by emphasizing anonymity, promising its users that it would not cooperate with any judicial authority, that it would not store data, and that the service would not be subject to any jurisdiction,” Eurojust said.

    In a coordinated flash alert, the U.S. Federal Bureau of Investigation (FBI) said the service has been active since about 2014, providing 32 exit node servers in 27 countries. Three of the exit nodes were located in the U.S. –

    • 2.223.66[.]103
    • 5.181.234[.]59
    • 92.38.148[.]58

    Other exit nodes were located in Australia, Austria, Belgium, Canada, Cyprus, Finland, France, Germany, Hong Kong, Italy, Latvia, Luxembourg, Moldova, the Netherlands, Panama, Poland, Romania, Russia, Serbia, Singapore, Spain, Sweden, Switzerland, Turkey, Ukraine, and the U.K.

    No less than 25 ransomware groups, such as Avaddon Ransomware, are said to have used First VPN infrastructure to perform network reconnaissance and intrusions. The subscription duration ranged anywhere from one day to one year. Based on the subscription plan, they cost between $2 for a single day and $483 for a whole year. It accepted payments through Bitcoin, Perfect Money, Webmoney, EgoPay, and InterKass.

    “First VPN Service offered several connection protocols, including OpenConnect, WireGuard, Outline, and VLess TCP Reality, and multiple encryption options including OpenVPN ECC, L2TP/IPSec, and PPtP,” the FBI said.

    Cybersecurity

    “Technical support was also offered to users via a self-hosted Jabber server and Telegram encrypted messaging service. Among the VPN protocol options, First VPN Service offered ‘VLESS’ and ‘Reality’ which provides the ability to disguise VPN Internet traffic as HTTPS traffic over ports which are commonly used to connect to websites.”

    According to snapshots captured on the Internet Archive, First VPN offered “Anonymity, Stability, Security,” stating “We do not store any logs that would allow us or third parties to associate an IP address in a specific period of time with the user of our service.”

    “The only data we store is e-mail and username, but it’s impossible to connect the user’s activity on the Internet with a specific user of our service,” it added.

    As a way to escape liability, First VPN also noted in its FAQ that it “strictly” prohibited the use of its servers for illicit activities. “This facilitates the receipt of complaints about our servers, and as a result, they will be disabled,” read the FAQ.

    dismantled global groups Ransomware Takedown VPN
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleThis free email security scanner pairs perfectly with Gmail or Outlook
    Next Article NASA Is Opening Up Bids For Who Will Run The Jet Propulsion Laboratory
    admin
    • Website

    Related Posts

    LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

    July 14, 2026

    RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

    July 14, 2026

    11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

    July 14, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

    The US Economy Cannot Grow Without Renewables by Daniel Driscoll

    ‘Intolerable whiff of racism’: Spanish soccer’s never-ending problem – Live Updates

    Justices Tell Congress Supreme Court Needs Millions More for Security

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by