Police have taken down a Lolek bulletproof hosting service used by criminals to launch cyber-attacks across the world.
The takedown was part of a coordinated effort between the Polish Central Cybercrime Bureau and the US Department of Justice (DoJ), alongside support from Europol and the Federal Bureau of Investigation (FBI).
In a statement, Europol said: “Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available.”
A DoJ announcement confirmed that a Polish national has been charged with computer fraud conspiracy. Unsealed court documents name the suspect as Artur Karol Grabowski, aged 36.
If convicted on all counts, Grabowski faces a maximum penalty of 45 years in prison. The indictment also notifies Grabowski that the United States is seeking an order of forfeiture in the amount of $21.5m, the proceeds of the charged criminal conduct. Grabowski remains a fugitive.
Bulletproof Hosting a Cyber Threat
What is bulletproof hosting? According to a definition from SentinelOne: “Security experts use the term “bulletproof hosting sites” to refer to hosting services that are considerably lenient about the kinds of material they allow their customers to upload and distribute.”
Europol noted that a “blind eye” is turned to what customers use the domain form for.
The complex investigation into LolekHosted.net revealed how the service facilitated the distribution information-stealing malware, and also the launching of distributed denial of service (DDoS) attacks, fictitious online shops, Botnet server management and distribution of spam messages worldwide, Europol said.
Notable marketing slogans for the service included: “You can host anything here!” and “no-log policy.” Payments were to be made in cryptocurrencies.
The DoJ added: “Grabowski registered the domain LolekHosted.net in 2014, and advertized that its services were ‘bulletproof,’ provided ‘100% privacy hosting,’ and allowed clients to host ‘everything except child porn’.”
Ransomware
The NetWalker ransomware was one of the ransomware variants facilitated by LolekHosted.net, according to the DoJ. NetWalker ransomware was deployed on approximately 400 victim company networks, including municipalities, hospitals, law enforcement and emergency services, school districts, colleges, and universities, which resulted in the payment of more than 5,000 bitcoin in ransoms (currently valued at approximately $146m).
A coordinated international law enforcement action to disrupt NetWalker was announced by the DoJ in 2021 and a defendant was charged alongside $500,000 seized.
Research from McAfee in 2020 said that NetWalker had made $25m in just a matter of months. The ransomware first appeared in 2019.