U.S. authorities have seized a “bulletproof” hosting service provider called LolekHosted for allegedly facilitating ransomware attacks on 400 networks, the Department of Justice (DOJ) said on Aug. 11.
The seizure warrant was issued by the District Court for the Middle District of Florida. The server now displays a banner informing visitors that the domain name has been seized by federal authorities.
Artur Karol Grabowski, a 36-year-old Polish national, has been charged for his role in managing the web hosting company that facilitated malicious activities like “ransomware, brute-force attacks, and phishing.”
The DOJ said that Mr. Grabowski was charged with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of web hosting services.
He was accused of aiding the criminal activities of LolekHosted clients by allowing them to register accounts using false information, not maintaining IP address logs of client servers, and ignoring abuse complaints made by third parties against clients.
“Grabowski registered the domain ‘LolekHosted.net’ in 2014, and advertised that its services were ‘bulletproof,’ provided ‘100% privacy hosting,’ and allowed clients to host ‘everything except child porn,’” the indictment reads.
He remains at large. The indictment also notifies Mr. Grabowski that the United States is seeking an order of forfeiture in the amount of $21.5 million, the proceeds of the charged criminal conduct.
Among the ransomware variants facilitated by LolekHosted was the NetWalker ransomware, which was deployed on 400 company networks, including municipalities, hospitals, law enforcement and emergency services, school districts, colleges, and universities.
The DOJ stated that the NetWalker ransomware attacks led to the payment of over 5,000 bitcoins in ransom, equivalent to around $146 million.
“LolekHosted clients used its services to execute approximately 50 NetWalker ransomware attacks on victims located all over the world, including in the Middle District of Florida,” the indictment reads.
“Specifically, clients used the servers of LolekHosted as intermediaries when gaining unauthorized access to victim networks and to store hacking tools and data stolen from victims,” it added.
Meanwhile, the European Union Agency for Law Enforcement Cooperation (Europol) announced that five of LolekHosted’s administrators had been arrested in Poland, and all of its servers seized.
“This latest success in the fight against cybercrime follows a complex investigation supported by Europol and the US Federal Bureau of Investigation (FBI),” Europol said in a statement.
“The complex investigation into LolekHosted.net revealed how the service facilitated the distribution of information-stealing malware, and also the launching of DDoS (distributed denial of service) attacks, fictitious online shops, Botnet server management and distribution of spam messages worldwide,” it added.