
Domains, servers of DoubleVPN used by ransomware gangs seized

US, Canadian, and European authorities took part in the operation, which seized DoubleVPN's infrastructure and cut off cybercriminals' access to the service.

A collaborative effort between law enforcement authorities in Europe, Canada and the United States has dealt a serious blow to threat actors. According to a Europol press release, authorities seized the web domains, customer logs, and server infrastructure of a double-encryption VPN service called DoubleVPN.


Authorities claim that malicious actors used DoubleVPN to carry out their activities without being detected. The VPN (virtual private network) offered cover to cybercriminals, letting them target their victims easily, Europol said in its press release.


The joint operation was led by Politie (the Dutch National Police) under the jurisdiction of Landelijk Parket (the National Public Prosecutor’s Office), while Europol and Eurojust coordinated the activities of international authorities within the framework of the European Multidisciplinary Threat Platform (EMPACT).

Thanks to their collective efforts, the DoubleVPN service is now unavailable worldwide, including all of its hosted content and all of its web domains. Authorities also replaced the content of the VPN's domains with a law enforcement homepage that read:

“On June 29, 2021, law enforcement removed DoubleVPN. Law enforcement gained access to DoubleVPN’s servers and seized personal information, logs, and statistics maintained by DoubleVPN about all of its customers. The owners of DoubleVPN did not deliver the services they promised.”

Furthermore, Europol explained that the operation was carried out by the Dutch Politie, the German BKA, the UK National Crime Agency, the FBI, the US Secret Service, the Royal Canadian Mounted Police, Eurojust, the Swiss Cantonal Polizia, Europol, the Bulgarian GDBOP and the Swedish National Police.

[Image: the message currently displayed on DoubleVPN’s domain homepage]

About DoubleVPN

The Russia-based VPN service was very popular among English- and Russian-speaking cybercriminals. It provided a high level of anonymity to threat actors by offering single/double/triple/quadruple VPN connections.

Its users could hide their identity and location while carrying out ransomware operations and phishing campaigns and easily committing fraud. Using the service, they could double-encrypt data sent through DoubleVPN.

Additionally, cybercriminals have used the service to compromise networks around the world. Requests sent through it were encrypted and transmitted to one VPN server, which forwarded them to another VPN server before they finally reached their destination.

[Image: a cybercriminal praising DoubleVPN on a Russian hacker forum]

Official statement?

Europol’s press release stated that the takedown took place on June 29, 2021, and that authorities will continue to work against cybercriminals and their enablers.

“International law enforcement continues to work collectively against the enablers of cybercrime, where and how it is committed. The investigation into this network’s customer data will continue,” Europol revealed.
