
Law enforcement shuts down VPN service used by two dozen ransomware gangs

Why This Matters

The takedown of First VPN marks a significant blow to cybercriminal networks, disrupting their ability to operate anonymously and coordinate malicious activities. This operation highlights the importance of law enforcement collaboration in combating cybercrime and underscores the ongoing challenges in securing online privacy services used for illegal purposes. For consumers, it emphasizes the need for vigilance and responsible use of VPNs, as these tools can be exploited for illicit activities despite their legitimate privacy benefits.

Key Takeaways

An international coalition of law enforcement agencies announced Thursday that they took down a popular virtual private network service used by cybercriminals and arrested its administrator.

The FBI said in an alert that First VPN was so popular that “at least” 25 ransomware gangs used the service to hide their malicious activity. Cybercriminals also relied on the VPN to scan the internet, run botnets, launch distributed denial-of-service attacks, and run scams. First VPN operated servers across 27 different countries, according to the bureau.

Europol said in an announcement that, apart from offering anonymous connections, First VPN offered cybercriminals anonymous payments, hidden infrastructure, and other services specifically marketed to criminal hackers.

“First VPN had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years,” read the announcement. “Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.”

The service advertised on known cybercrime forums, including at least two Russian-speaking marketplaces, promising criminals protection against being identified.

“We are for anonymity. We do not store any logs that would allow us or third parties to link an IP address in a specific period of time with a user of our service,” First VPN said in one post that TechCrunch has seen. “The only data we store is e-mail and username, but it is impossible to link a user’s online activity with a specific user of our service.”

Europol, however, said that First VPN users were notified of the shutdown and “informed that they have been identified.” Investigators said they did this by obtaining the service’s user database and identifying VPN connections, which “exposed thousands of users linked to the cybercrime ecosystem.”

The international law enforcement agency also said First VPN’s administrator was arrested, dozens of servers were “dismantled,” and its infrastructure was disrupted, all products of an investigation launched in December 2021.