International sting shuts down ‘favorite’ VPN of cybercriminals

The FBI and European police announced a sting against the Safe-Inet, which had marketed "bulletproof hosting" to cybercrime networks.
German police, polizei
(Getty Images)

The latest international action against cybercrime infrastructure involves the takedown of a virtual private network (VPN) used to hide the activities of ransomware gangs and other illegal operations.

The FBI and European police announced the sting against the Safe-Inet service Tuesday morning. The VPN company was billed as “cybercriminals’ favorite” by Europol.

The FBI said three Web domains associated with the service —, and — had been seized and then plastered with notices from police. Officials said that taking down Safe-Inet was disruptive to major active cybercriminal campaigns, but they did not specify what those were.

“Active for over a decade, Safe-Inet was being used by some of the world’s biggest cybercriminals, such as the ransomware operators responsible for ransomware, E-skimming breaches and other forms of serious cybercrime,” according to a news release from Europol, the top police agency for the European Union. “This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections.”


Prior to the takedown, law enforcement warned about 250 companies worldwide that they were at risk of ransomware attacks via the infrastructure provided by Safe-Inet, Europol said.

Safe-Inet had actively marketed “bulletproof hosting” and the associated VPN services in underground forums, the FBI said. Bulletproof hosting is basically a promise to do whatever it takes to protect customers’ online activities from the eyes of law enforcement.

“Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, E-skimming breaches, spearphishing, and account takeovers,” the FBI said. “The service’s website offered support in Russian and English languages, at a high price to the criminal underworld.  This infrastructure preferred by cybercriminals was used to compromise networks all around the world.”

Screenshot of the seizure message posted by law enforcement agencies on

The sting is just one in a string of moves by law enforcement against transnational cybercrime. As recently as Friday, U.S. officials said they had seized web domains that imitated major drug companies in order to scam people.

Other recent operations involving Europol include arrests in November in connection with malware intended to evade anti-virus software. In October, the FBI and Europol led a sweeping crackdown against the QQAAZZ gang. In September, the two agencies arrested 179 people accused of facilitating the drug trade through dark web markets.

The operation against Safe-Inet was led by German Reutlingen Police Headquarters, and it also involved police from France, the Netherlands, and Switzerland. Infrastructure was seized in all five of the associated countries, Europol said.

The VPN takedown isn’t the end of the story: Investigations are ongoing against Safe-Inet’s users in several countries, Europol said.

Latest Podcasts