W
Wave
Chances are you won't have to do anything because the chances of CyberGhost doing anything are very little - they don't track who is who, so they won't even know who is using their IP addresses for malware testing.Ok, so what you do when VPN provider blocks your IP because it's essentially doing the same my system was doing to my ISP directly? Just keep on changing VPN providers? Or hope they just don't care?
Using a VPN is an essential because the last thing you want is for an attacker to obtain your real IP address; they can attempt to trace back your location via geographical methods based on the IP address, or they can perform network attacks using your IP address to use up your internet resources (bandwidth - via a DDoS attack) and cause your internet to temporarily crash (e.g. they may add your IP address to an existing botnet they have deployed, resulting in X amount of other infected zombie machines attacking your network).
That being said, it's important you simulate the network traffic as @Cch123 mentioned also/instead, and only allow the network activity once you know what is going to really happen, otherwise you could end up affecting others from your own Virtual Environment, even if you are only performing malware testing (e.g. botnet launches on your Virtual Environment, starts attacking enterprise companies/individuals -> now your system is doing this work thanks to the malware, but because you allowed the network activity).
Malware testing/analysis is a really time consuming thing to get right, and we all make mistakes... Hell, I made a mistake about 20 minutes ago, so no one can perfect it... It's like an art, it cannot be rushed too much or you will miss things but has to be done properly to get it right.
I recommend you follow advice from @Cch123 and @tim one - they have a lot of experience when it comes to malware analysis so they definitely know what they are doing, it'd be a wise decision to take their points on-board.