Cybercrime , Fraud Management & Cybercrime , Ransomware

'Bulletproof' LolekHosted Down Following Police Operation

NetWalker Ransomware Hackers Used the Polish Web-Hosting Service
'Bulletproof' LolekHosted Down Following Police Operation
Image: Lolekhosted.net

U.S. authorities seized a web-hosting company used by ransomware hackers in a joint operation with Polish authorities that resulted in the arrest of five individuals and the indictment of the site's owner.

The site, LolekHosted, now displays a banner showing its seizure by the FBI and the IRS. The indictment says site owner Artur Grabowski knowingly allowed ransomware hackers to host ransomware as part of "bulletproof" web-hosting services launched in 2014.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The indictment, unsealed in Tampa federal court Friday, says two unnamed co-conspirators who were affiliates of the ransomware-as-a-service group NetWalker used LolekHosted for attacks (see: NetWalker Ransomware Affiliate Faces 20 Years in US Prison).

The U.S. Department of Justice said Grabowski faces up to 45 years in prison, if found guilty. Prosecutors are also seeking the forfeiture of $21.5 million. The department said Grabowski remains a fugitive.

Polish authorities on Thursday announced the arrest of five LolekHosted admins. Europol said criminals had used LolekHosting as a launching point for info-stealing malware, DDoS attacks, botnet management, fraudulent online shops and the distribution of spam.

"The suspects marketed privacy as a key feature of this service, using slogans such as, 'You can host anything here!' and 'no-log policy.' Payments were to be made in cryptocurrencies," Europol said.

Two of the Polish detainees will remain in pretrial police custody for at least the next three months. Polish law enforcement said it has confiscated hundreds of servers containing tens of terabytes of data.

Among the features that made LolekHosted attractive to its criminal clientele were frequent changes of the server IP addresses, the ability to register accounts using false information, a disregard for abuse complaints made by third parties, and notification of any legal inquiries from law enforcement.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.