The FBI has launched Operation Riptide, a 60-day nationwide campaign focused on dismantling the services that enable cybercrime — not just the hackers but the VPNs, forums, servers, and payment systems that let criminal networks operate. Under President Trump’s cyber strategy and Executive Order 14390, the bureau has moved from warnings to action, coordinating with international partners to seize infrastructure, make arrests, and disrupt ransomware ecosystems. The takedown of a VPN service long used by ransomware gangs shows a targeted effort to raise the cost and risk of online crime for those who exploit anonymity. This article explains what the operation aims to do, how it began, and why cutting criminal support networks matters for businesses and public safety.
Americans lost more than $20 billion to cybercrime last year, and complaints rose by over a million, with losses jumping 26 percent in a single year. For too long, federal response was reactive and fragmented, letting bad actors exploit gaps. The current effort treats the supporting services as legitimate targets, and that shift matters because attackers rely on a supply chain of tools and platforms as much as individual malware strains.
https://x.com/FBICyberDiv/status/2064429825972998393
Operation Riptide is a concentrated campaign that focuses on the backbone of cybercrime: infrastructure, communications platforms, tools and services, and the money flows that fund illegal activity. The FBI made clear this is a coordinated, sustained effort across all 56 field offices and with international law enforcement partners. Knocking out those enablers is the strategic move: take away the safe channels and you force criminals to either reinvent costly alternatives or quit.
Early actions under Riptide demonstrate that approach. The first major target to fall was a VPN service that marketed itself in criminal channels and routed traffic through servers in multiple countries, including locations inside the United States. That service was not merely a privacy tool for ordinary users; it had built a business model around shielding criminal activity and advertising on criminal-focused forums, where stolen credentials, hacking tools, and unauthorized access change hands.
Today, the FBI is announcing Operation Riptide, an ongoing, coordinated law enforcement campaign targeting cybercriminal actors and the key services they rely on—their infrastructure, their tools and services, their communications platforms, and their money. Operation Riptide is a collective effort that implements the priorities set out in Executive Order 14390 and the National Cyber Strategy.
In recent weeks, the FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, and dismantling criminal infrastructure.
This marks the beginning of a focused, sustained 60-day national effort. Cybercrime carries real-world consequences, and the FBI remains committed to disrupting malicious cyber activity and holding cybercriminals accountable.
At least 25 ransomware groups, including one known as Avaddon, used that VPN provider’s infrastructure to scope and breach business networks around the world. Avaddon alone struck hundreds of companies and caused millions in damages before it abruptly shut down in 2021, reportedly under pressure from law enforcement. The VPN’s IP addresses also appeared in botnets, denial-of-service attacks, scams, and other intrusions, showing how broadly such services can be abused.
FBI Boston’s Special Agent in Charge Ted E. Docks emphasized the message to those selling or buying tools of anonymity: “The FBI is proud to support its international partners with the takedown of this malicious service. This operation has dealt a significant blow to a business that serviced, shielded, and catered to cybercriminals.” That direct language signals an intent to follow technical leads to their business roots and hold operators accountable.
Docks added: “Let me be clear: anonymity does not grant immunity. Our goal is to make cybercrime harder, riskier, and far less profitable for those behind it.” That statement outlines the operational logic: increase risk and reduce profit margins so criminal actors face real consequences for their choices. It’s a simple economic calculus aimed at deterrence rather than endless attribution fights.
The takedown was led by partners in France and the Netherlands, with assistance from Ukraine, the United Kingdom, Switzerland, and Luxembourg. FBI Boston and the Cyber Division had been building the case since 2021, showing this was not a sudden, headline-driven stunt but a methodical, cooperative investigation. International coordination is essential because these support services operate across borders and require synchronized action to prevent safe havens.
Assistant Director Brett Leatherman summarized recent results: “In recent weeks, the FBI carried out a broad range of enforcement actions against cyber threat actors, serving search warrants, securing indictments, arresting suspects, dismantling criminal infrastructure, and seizing millions in cryptocurrency.” Those seizures and arrests matter because they remove resources and disruption tools that criminals depend on, and they send a clear signal to the underground economy.
The FBI plans to sustain pressure for at least 60 days with more actions to come, and officials expect further arrests, seizures, and takedowns. For businesses and everyday people, that means a federal law enforcement posture that finally treats the broader ecosystem enabling cybercrime as the problem, not just the visible perpetrators. When the government targets the supply chain of criminal tools, it creates space for stronger defenses and less opportunistic attacks.
This phase of enforcement shows a very different posture: proactive, coordinated, and driven by a clear policy directive from the administration. If the operation succeeds in disrupting the services criminals rely on, it will reshape the operating environment for ransomware groups and other cybercriminals. The result should be fewer profitable targets and a more hostile landscape for those who would exploit anonymity to harm American companies and citizens.
Add comment