Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Shuts Down Bulletproof Hosting Service LolekHosted, Charges Its Polish Operator

US authorities have announced charges against a Polish national who allegedly operated the LolekHosted.net bulletproof hosting service.

LolekHosted seized

US authorities have announced the seizure of LolekHosted.net, the domain used by the bulletproof hosting service LolekHosted, as well as charges against its alleged operator.

According to court documents, the domain had been used for roughly a decade to provide customers with secure web hosting services that facilitated cybercriminal activities, including the distribution of ransomware and information stealers, phishing, and distributed denial-of-service (DDoS) attacks.

An indictment unsealed on Friday claims that the domain LolekHosted.net was registered in 2014 by Artur Karol Grabowski, 36, a Polish national who allegedly operated the web hosting service company until the domain’s seizure.

Grabowski allegedly allowed LolekHosted clients to register accounts using false information, did not maintain IP address logs of client servers, changed those IP addresses, ignored abuse complaints from third parties and notified his clients of the legal inquiries he received.

He advertised LolekHosted as providing “100% privacy hosting,” allowing clients to perform all types of criminal activities, “except child porn”.

One of the illicit operations hosted on LolekHosted was the NetWalker ransomware, which made roughly 400 victims, including colleges, hospitals, law enforcement and emergency services, municipalities, school districts, and universities.

The LolekHosted servers, documents presented in court claim, were used to launch approximately 50 NetWalker ransomware attacks against victims worldwide. The servers were used as intermediaries, to store hacking tools and victim data.

Advertisement. Scroll to continue reading.

The NetWalker ransomware operators, authorities say, have received more than $146 million worth of bitcoin in ransom payments.

If found guilty, Grabowski faces up to 45 years in prison and the forfeiture of $21.5 million.

LolekHosted’s seizure was the result of a cooperation between law enforcement agencies in the US and Poland, with assistance from Europol.

Five alleged administrators of the bulletproof hosting service were arrested in Poland, but Grabowski remains a fugitive.

Related: Romanian Operator of Bulletproof Hosting Service Sentenced to Prison in US

Related: Los Angeles SIM Swapper Pleads Guilty to Cybercrime Charges

Related: US Charges Russians With Hacking Cryptocurrency Exchange

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...