Europol and an international task force arrested First VPN’s administrator on May 19-20, dismantling dozens of servers across 27 countries and ending a service embedded in the ransomware industry.
The FBI counted at least 25 ransomware gangs among the clientele. Europol’s announcement was more expansive: First VPN appeared in “almost every major cybercrime investigation supported by Europol in recent years,” covering ransomware, fraud, data theft, and DDoS attacks. Botnets ran through it too.
First VPN marketed itself exclusively on cybercrime forums, including at least two Russian-speaking marketplaces, with a hard sell on anonymity. “The only data we store is e-mail and username,” the service told prospective clients in one post. That claim didn’t survive contact with investigators. When authorities seized the user database, Europol did something unusual: it notified users directly that they’d been identified, a public move designed to fracture trust in the criminal VPN market.
This arrest signals a shift in law enforcement tactics. That’s not a one-time seizure; it’s a prosecution pipeline that can run for years. If you paid for First VPN anonymity, you didn’t buy it.
The investigation opened in December 2021. No charging documents or extradition requests have been publicly disclosed.
James Okafor