International authorities seize domain host used for ransomware, arrest 5

An indictment was unsealed in Tampa, Florida, charging a Polish national with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of “bulletproof” web hosting services that facilitated the operation of ransomware attacks and the subsequent laundering of the illicit proceeds.

According to court documents, Artur Karol Grabowski, 36, operated a web hosting company named LolekHosted.

Cybercriminals rely on these types of hosting providers over traditional companies, as they can launch crime campaigns without fear that they will be shut down after malicious activity is reported.

Evidence seized by Polish police in cooperation with the Europol and US DOJ investigation.

Through LolekHosted, Grabowski provided secure web hosting designed to facilitate malicious and criminal activities, including ransomware, brute-force attacks, and phishing.

Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement.

Grabowski registered the domain “LolekHosted.net” in 2014, and advertised that its services were “bulletproof,” provided “100% privacy hosting,” and allowed clients to host “everything except child porn.”

The NetWalker ransomware was one of the ransomware variants facilitated by LolekHosted.

The NetWalker ransomware was deployed on approximately 400 victim company networks, including municipalities, hospitals, law enforcement and emergency services, school districts, colleges, and universities, which resulted in the payment of more than 5,000 bitcoin in ransoms currently valued at approximately $146 million.

LolekHosted clients used its services to execute approximately 50 NetWalker ransomware attacks on victims located all over the world, including in the Middle District of Florida.

Specifically, clients used the servers of LolekHosted as intermediaries when gaining unauthorized access to victim networks, and to store hacking tools and data stolen from victims.

On Aug. 8, U.S. authorities seized LolekHosted.net, the domain name LolekHosted used for nearly a decade.

Visitors to LolekHosted.net will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.

The U.S. District Court for the Middle District of Florida issued the seizure warrant.

If convicted on all counts, Grabowski faces a maximum penalty of 45 years in prison. The indictment also notifies Grabowski that the United States is seeking an order of forfeiture in the amount of $21.5 million, the proceeds of the charged criminal conduct.

A release from the DOJ said Grabowski remains a fugitive, but the European Union Agency for Law Enforcement Cooperation said the Polish Central Cybercrime Bureau, under the supervision of the Regional Prosecutor’s Office in Katowice, arrested five individuals and seized servers allegedly used for facilitating NetWalker ransomware attacks and other malicious activities.

Polish police said they “detained 8 members of an organized criminal group providing web hosting services.”

While the FBI and IRS declined to comment on the investigation, Europol announced the seizure of Lolek and the arrest of eight server administrators in Poland, including the person in charge of the whole operation.

“This week, the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world,” reads Europol’s announcement. “Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available.”

