Authorities between the US Department of Justice, the Federal Bureau of Investigation (FBI), Europol and the Polish Central Cybercrime Bureau coordinated efforts to take down a Lolek bulletproof hosting service that criminals accessed to launch large-scale cyber attacks worldwide.
Swift Collective Action
In a merciless sweep, five administrators for the hosting service were arrested whilst agents seized all of the service’s servers, rendering the service (LolekHosted.net) no longer operable.
The US Department of Justice announced that a Polish national has been charged with computer fraud conspiracy, naming the suspect as 36-year-old Artur Karol Grabowski in unsealed court documents. If convicted on all counts, Grabowski will see a maximum sentence of 45 years behind bars.
The United States is seeking an order of forfeiture of $21.5m for the proceeds of the charged criminal conduct. Grabowski, at the time of writing, remains a fugitive from justice.
What is Bulletproof Hosting?
Security experts identify bulletproof hosting sites as hosting sites that prefer more lenient behaviour towards certain materials that their customers upload and distribute, choosing a more blind-eye attitude towards what their customers utilise the service for.
A thorough and complex investigation into Lolek Hosting’s activities highlighted how they facilitated the distribution of Information-theft malware and the launching of distributed denial of service (DDoS) attacks. Other activity picked up on was fictitious online stores, Botnet server management and worldwide distribution of spam messages.
Marketing slogans boasting that anyone can host anything on the service and a highlighted no-log policy were notable with the hosting service, as well as payments made via cryptocurrencies.
Whilst Grabowski did state that child pornography was off limits for the service, he did claim that the service was 100% bulletproof and provided ‘100% privacy’ for users upon registering the domain in 2014.
NetWalker ransomware was among many variants facilitated by Lolek Hosting, deployed on approximately 400 victim company networks. These included Hospitals, law enforcement and emergency services – and educational facilities from school districts right up to the university level.
That resulted in a payment of over 5,000 bitcoin ransoms that currently value at $146mn. NetWalker was seized in 2021 by the Department of Justice in a coordinated international strike, where the defendant was subsequently charged and sentenced alongside $500,000 seized.
Netwalker made $25mn over a few months in 2020, with the first version of the NetWalker ransomware appearing in 2019. Lolek is currently indicted for its role in supporting the execution of approximately 50 NetWalker ransomware attacks against over 400 networks around the world.
For more information on any future risk management events and cybersecurity conferences, check out the upcoming events from Whitehall Media.