Users including suspected ransomware slingers to be targeted in follow-up investigations


Safe-Inet, a virtual private network (VPN) service favored by cybercriminals, has been taken down as part of a law enforcement action that police hope will lead to follow-up investigations against its users.

The Safe-Inet service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France, and the US.

Servers maintained by Safe-Inet offered ‘bullet-proof’ hosting, allowing crooks to host phishing pages, ransomware drop sites and the like while ignoring complaints, alongside VPN services.

The servers were taken down, and a splash page put together by law enforcement was published after Safe-Inet’s internet domain was seized as part of Operation Nova.


The Safe-Inet VPN service was taken down by law enforcement on December 21

Peeling back the layers

The takedown operation against Safe-Inet was led by the German Reutlingen Police Headquarters and supported by European policing organization Europol, the FBI, and other law enforcement agencies.

Prior to the takedown, Safe-Inet had operated for more than 10 years, latterly offering cybercriminals involved in ransomware, e-skimming, and other malfeasance a means to access their infrastructure without being tracked.




This VPN service was marketed by its providers as “one of the best tools available to avoid law enforcement interception, offering up to five layers of anonymous VPN connections”, according to a statement by Europol on the takedown operation.

Law enforcement were able to identify some 250 companies worldwide whose systems had been spied on using the Safe-Inet VPN service, likely as part of reconnaissance activities by cybercriminals.

The victimized organizations involved were warned by police to step up their security since they were at high risk of a ransomware attack.

Enforcement action

Now that the Safe-Inet service has been rendered inaccessible, police worldwide are in the process of going through logs in preparation for enforcement actions against its users.

It’s not known how long police might have had control of Safe-Inet’s service prior to the takedown, but a statement by Europol claims that “law enforcement wiretapped the very service used by criminals to evade interception”.

A US Department of Justice statement offers further background on Safe-Inet’s nefarious activities and the Operation Nova takedown operation that led to its demise.

