U.S. Indicts Administrator of ‘Bulletproof’ Ransomware Service Provider
U.S. authorities indicted Friday a Polish national on charges that he allegedly administered a “bulletproof” web-hosting service provider that helped facilitate ransomware and other cybercrimes for its clients.
Artur Karol Grabowski, 36, of Poland is the alleged man behind the domain LolekHosted.net, a website designed to provide its clients with the means to carry out malicious cybercrime attacks against their victims for profit, the U.S. Department of Justice (DOJ) said.
Created in 2014, LolekHosted was advertised as “bulletproof,” in that it guaranteed the facilitation of malicious online activity such as ransomware, brute-force attacks, and phishing.
In addition to guaranteed results, the site also provided “100% privacy hosting” and allowed users to conduct “everything except child porn” when it came to criminal activity, the DOJ said.
Users could rest easy knowing their privacy was secure thanks to various aspects of the site’s design. For instance, LolekHosted did not require users register with their authentic personal information and it didn’t keep Internet Protocol (IP) address logs of client servers.
Popular slogans such as “You can host anything here!” and “no-log policy” further gave users peace of mind that they could carry out whatever cybercrime machinations they desired without interference.
Grabowski faces several counts of fraud, wire fraud, and money laundering for his alleged crimes.
He also allegedly ensured that his customers stayed one step ahead of police, designing the site to notify users whenever law enforcement submitted legal enquiries into the site’s activities, investigators said.
One of the deadlier malwares facilitated by LolekHosted include the NetWalker ransomware, which was used to extort money out of no less than 400 networks belonging to hospitals, emergency services, and school districts.
Through approximately 50 NetWalker ransomware attacks, run through LolekHosted but carried out all over the world, authorities estimate that criminals made off with more than 5,000 Bitcoin, currently valued at roughly US$146 million.
Ransomware is designed to hijack a person or organization’s access to their computer files, encrypting the information within thereby making it hopelessly inaccessible until a ransom is paid to an untraceable source, usually in the form of Bitcoin.
It is not uncommon for cybercriminals to target sectors that would make its victims particularly vulnerable should they be rendered offline; examples include healthcare, critical infrastructure, energy, communications, water, and finance.
Some ransomware variants also engage in data theft, copying and stealing the encrypted data before the victim decides whether to pay for the decryption key or risk losing everything.
Authorities worldwide advise that victims do not pay the ransom, as it would only encourage further attacks. Systems previously held hostage also remain vulnerable to the same malware should criminals decide the “return to the well” and extort even more money out of an easy target.
Even in cases where the ransom is paid, there is no guarantee that victims will see their data returned. The promise is based solely on the word of their attackers.
After nine years of service, LolekHosted.net was seized by U.S. federal authorities on Aug.8, 2023 and taken down. The web address now leads to a banner displaying the site’s termination.
In addition to U.S. federal authorities, the case has drawn the attention of Europol’s European Cybercrime Centre, as well as Poland's Central Cybercrime Bureau and prosecutor’s office.
Polish authorities have since arrested five of the site’s administrators and seized all of its servers, thus rendering LolekHosted.net well and truly dead. Grabowski however, has yet to be captured and remains a fugitive.
If arrested and extradited to the U.S. to face trial, Grabowski faces a maximum penalty of 45 years in prison should he be convicted on all counts. He could be ordered to pay up to $21.5 million in restitution.