An international coalition of law enforcement agencies has successfully dismantled a prominent virtual private network (VPN) service that served as a critical infrastructure hub for global cybercriminal operations. The operation, which concluded with the arrest of the service’s administrator, targeted a platform known as First VPN, which had become a staple tool for malicious actors seeking to obscure their digital footprints.

Investigations revealed that First VPN was utilized by at least two dozen distinct ransomware gangs to facilitate a wide range of illicit activities, including large-scale fraud, data theft, and distributed denial-of-service (DDoS) attacks. By operating servers across 27 countries, the service provided criminals with a robust layer of anonymity, allowing them to scan the internet and manage botnets without detection. The platform specifically marketed itself to the criminal underworld, offering anonymous payment options and a strict ‘no-logs’ policy that promised to keep user activity untraceable.

Despite the service’s claims of total privacy, investigators successfully seized the platform’s user database, which contained critical information linking thousands of individuals to the cybercrime ecosystem. Law enforcement officials have since notified these users that their identities have been compromised. The takedown, which involved the dismantling of dozens of servers, marks the culmination of a complex investigation that began in late 2021 and represents a significant blow to the infrastructure supporting modern ransomware attacks.