Software costing as little as £19 that was used by hackers to hide their real-life locations and identities has been taken down in an international sting.
Law enforcement in the UK, Europe, US and Canada seized the web domains and server infrastructure of DoubleVPN this week.
The service, used by cyber criminals to evade detection, was advertised on Russian and English speaking forums on the dark web.
Officers from the National Crime Agency (NCA) took down the UK node of DoubleVPN on Tuesday, as part of an international operation led by the Dutch National Police.
The NCA said that it had been used to access the networks of a number of UK companies, but it did not name the firms.
John Denley, deputy director of the NCA’s National Cyber Crime Unit, said: “DoubleVPN was a multi-layered virtual private network service run by cyber criminals, to enable fellow cyber criminals to mask their identities online.
“It allowed them to anonymously communicate, identify victims then effectively sneak in and conduct reconnaissance on their systems as a precursor to launching a cyber attack.
“Working with partners across Europe, the US and Canada, we have dismantled this network and therefore the service that cyber criminals so heavily relied on. This included taking servers offline which were hosted in the UK.
“NCA investigators were also able to identify a number of UK businesses whose networks had been unlawfully accessed by DoubleVPN. They were notified and officers helped them protect themselves against potential network intrusions.”
He said that services such as DoubleVPN are used by organised crime groups behind ransomware used in major international attacks.
“Ransomware attacks have evolved and increased in severity over recent years, with government and national infrastructure being targeted,” Mr Denley added.
“The NCA is working closely with partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cyber crime.”