The police have shut down a bulletproof hosting business in Lolek that was being used to conduct global cyberattacks.
With the assistance of Europol and the Federal Bureau of Investigation (FBI), the Polish Central Cybercrime Bureau and the United States Department of Justice (DoJ) carried out the takedown.
The website LolekHosted.net is no longer accessible after Europol said that “five of its administrators were arrested and all of its servers seized”.
A Polish citizen was charged with conspiracy to commit computer fraud, according to a Department of Justice press release. The culprit, 36-year-old Artur Karol Grabowski, has been identified in unsealed court records.
If found guilty on all charges, Grabowski may spend 45 years in jail. The indictment also informs Grabowski that the United States is pursuing a forfeiture order for the sum of $21.5m, which represents the profits of the alleged illegal activity.
How ‘bulletproof hosts’ turn a blind eye to illicit activities
What is bulletproof hosting? Security professionals often use the phrase “bulletproof hosting sites” for web hosts that have a particularly lax content policy. According to Europol, such hosts turn a “blind eye” to how the domain is really being used by its clients.
Europol’s thorough investigation into LolekHosted.net allegedly revealed that the service was used to spread malware that steals personal information, as well as to launch DDoS attacks, create fake online stores, manage botnet servers, and spam people all over the world.
Notable marketing slogans for the service included: “You can host anything here!” with a “no-log policy”. Bitcoin and other cryptocurrencies were used as payment.
According to the DoJ, Grabowski registered the name LolekHosted.net in 2014 and advertised services that claimed to be “bulletproof”, to provide “100% privacy hosting”, and to let customers host “almost anything”.
Used for spreading ransomware
The DoJ claims that LolekHosted.net enabled the spread of many types of ransomware, including the NetWalker virus.
More than 5,000 bitcoin in ransoms (currently valued at around $146m) were paid after NetWalker ransomware was deployed against approximately 400 victim company networks, including hospitals, municipalities, emergency services and law enforcement, colleges, school districts, and universities.
The Department of Justice (DoJ) launched a concerted worldwide law enforcement campaign targeting NetWalker; a defendant was prosecuted and $500k was seized in 2021.
In 2020, McAfee said that NetWalker had generated $25 million in a short period of time. The ransomware made its debut in 2019.
Over a decade, LolekHosted reportedly allowed at least 400 cyberattacks.
Five people have been arrested and the bulletproof web hosting service LolekHosted has been seized by law enforcement on suspicion of being used to launch ransomware attacks and other forms of cybercrime.
Bulletproof hosting companies consciously choose not to monitor their customers' actions. US investigators said that LolekHosted allowed customers to host “everything but underage porn”, thanks to the company's guarantee of complete anonymity.
Over the course of the provider's first decade of service, at least 400 networks around the world were likely attacked utilising the provider's domains.
The worldwide battle against malware attacks and cybercrime continues, with this collaborative investigation sponsored by Europol and the FBI being the latest effort.