National Crime Agency shuts down Dark Web VPN


The UK’s National Crime Agency has announced that it has undertaken a successful operation with European colleagues to take down a well-known Dark Web VPN that was popular with cybercriminals. is believed to have been the VPN of choice for a significant number of cybercriminals engaging in ransomware attacks both here in the UK and overseas.

What was LabVPN? (not to be confused with was founded in 2008.

On the face of it, it offered regular VPN services. It used the OpenVPN protocol and robust 2048-bit encryption and subscribers could sign up for as little as US$60 a year.

The difference between LabVPN and more reputable providers was that this service was only advertised on the ‘dark web’ and as a result, a large proportion of its customers were cybercriminals intent on trying to use a VPN to hide their nefarious activities.

VPNLab original site

Indications suggest from the payment methods accepted such as WebMoney, QIWI Wallet and others, plus languages available on the site, English and Russian, that it may have been ran by those with links to Russian speaking countries.

What has happened to LabVPN?

According to the National Crime Agency, their officers had gathered evidence that LabVPN was being used by cyber-criminals in the preparatory stages of a range of ransomware attacks.

The precise details of these ransomware attacks were not revealed but they did state that the attacks had “caused significant economic harm to UK businesses.”

Having gathered sufficient evidence, the National Crime Agency co-opted the support of the local police department in Hannover, Germany, where LabVPN was based, and other law enforcement agencies around the world.

They acted on 17th January and seized no fewer than 15 different server infrastructures around the world. The National Crime Agency themselves seized the British servers.

John Denley, the Deputy Director of the NCA’s National Cyber Crime Unit, explained the motivation behind their actions saying, “Cybercriminals using LabVPN clearly thought they could operate with impunity, and remain under the radar of law enforcement.”

“This operation shows they were wrong,” he continued, “There is no hiding place from the combined power of global law enforcement when it comes to taking down illegal IT infrastructure.”

What does this mean for VPN users?

If you are a LabVPN user, this means that you are now on the lookout for a new VPN provider. This is no bad thing as LabVPN was certainly not a provider we would have recommended in the first place.

The service is now offline, and the websites have been replaced by a Europol holding page that explains that the domain has been seized by European law enforcement bodies.

VPNLab Seized

This is not the first time a VPN website has ended up displaying such a message.

If you read about the takedown of DoubleVPN back in June of last year, that will be familiar to you. Likewise, three supposedly “bulletproof” VPNs were also taken down by Europol back in 2020.

What does this mean for regular VPN users?

Some readers may be wondering if regular VPNs should be concerned that law enforcement agencies can seize a VPN in this manner and what it means for their security and privacy when using a regular VPN.

The answer is quite simply no.

LabVPN was a criminal VPN. It marketed itself as such, advertising primarily on the dark web, and made its money out of selling a VPN service to criminals.

It was arguably only a matter of time before LabVPN was linked to enough criminal activity for law enforcement bodies to take action against it. After all, this is what most of the activity running through its servers was.

But one bad VPN provider should not be allowed to tarnish the entire market.

Reputable VPNs, which all of the providers we recommend on VPNCompare can be classified as secure, actively discourage criminal activity on their servers and the users they host are overwhelmingly legitimate and law-abiding.

There is no reason whatsoever for customers of VPNs like ExpressVPN and NordVPN to have any concerns at all that this sort of raid could be carried out against their provider. It simply isn’t going to happen.

Far from being damaging to the VPN market, the seizure of LabVPN is good news for the VPN industry and regular VPN customers.

Like any reputable industry, VPNs want to keep their market clean and above board and the likes of LabVPN do damage to all VPNs, not just those businesses and individuals that fall victim to the ransomware attacks they helped to facilitate.

Sadly, there are still more dodgy VPN providers out there helping cybercriminals with activity like this.

But legitimate VPNs are a different breed altogether and there is no reason whatsoever why any of their customers should have any concerns.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *