A ‘Bulletproof’ hosting service that was utilized by ransomware gangs and other cybercriminals has been seized by law enforcement, five individuals have been arrested, and its founder has been indicted in federal court.
The LolekHosted.net domain was registered by Polish national, Artur Karol Grabowski, 36, in 2014. The LolekHosted service was billed as bulletproof, offering a hosting service with 100% privacy. The owner and operator of the hosting service turned a blind eye to how the hosting service was used, allowing his service to be used for “everything except child porn.” The service had a no-log policy, did not record IP addresses, client servers often had their IP addresses changed, and any reports of criminal activity and abuse were ignored. If any inquiries were received from law enforcement, clients were notified. Payment for the service was accepted in cryptocurrency.
The hosting service was used by cybercriminals for hosting information-stealing malware, launching Distributed Denial of Service (DDoS) attacks, managing botnets that distributed spam and phishing emails, and hosting a wide range of scam sites. The service also supported ransomware gangs, including the NetWalker ransomware operation, which conducted more than 400 attacks worldwide on healthcare providers, municipalities, educational institutions, and law enforcement and emergency services, generating more than 5,000 in Bitcoin payments from ransoms – around $146 million. According to the DOJ, the LolekHosted service was used to execute approximately 50 Netwalker ransomware attacks.
The domain and infrastructure were seized on August 8, 2023, as part of a coordinated law enforcement operation by the Polish Central Cybercrime Bureau and the US Department of Justice (DoJ), with support provided by Europol and the Federal Bureau of Investigation (FBI). Five administrators were arrested in the raid and all of the servers supporting the service were seized. Grabowski was charged in connection with the service, although it is unclear if he was one of the individuals arrested. The LolekHosted.net domain now displays a notice from the FBI and Internal Revenue Service (IRS) stating the domain has been seized as part of a coordinated law enforcement operation involving the U.S. Attorney’s Office for The Middle District of Florida and the Computer Crime and Intellectual Property Section of the DOJ. If convicted on all counts, Grabowski faces up to 45 years in jail. U.S. authorities are also seeking an order for the forfeiture of $21.5 million – The alleged profits from Grabowski’s criminal activities.