Law enforcement agencies have arrested five individuals and seized servers belonging to the Lolek bulletproof hosting provider for allegedly facilitating Netwalker ransomware attacks and other malicious activities. Bulletproof hosting providers are hosting companies that turn a blind eye to reports of criminal activity or the hosting of copyrighted material on their servers. Cybercriminals prefer these types of hosting providers over traditional companies, as they can launch cybercrime campaigns without fear of being shut down after malicious activity is reported.
Lolek’s Promises of Privacy and No-Log Policy
Lolek promoted itself as a “100% privacy hosting” service with a no-log policy, meaning it does not log any activity on its servers or routers that could be used to incriminate customers. However, the FBI and IRS, with support from Europol, seized Lolek and arrested five administrators in Poland. Europol says that Lolek was seized because cybercriminals used its servers to launch DDoS attacks, distribute information-stealing malware, host command and control servers, host fake online shops, and conduct spam campaigns.
Artur Karol Grabowski Charged with Facilitating Cybercrime
The US Department of Justice announced that a Polish national named Artur Karol Grabowski was charged with the operation of LolekHosted. While it is unclear if Grabowski was one of the administrators arrested in Poland, the DOJ says he facilitated cybercrime by allowing customers to register under fake names, frequently changing the IP address of servers, and notifying customers of legal inquiries. The DOJ also states that Grabowski allegedly aided the now-disrupted ransomware operation known as Netwalker by renting servers used in over 50 attacks to breach networks and store stolen data and hacking tools.
Seizure of Lolek and the Fight Against Bulletproof Hosting Providers
Law enforcement seized the bulletproof hosting provider’s servers on August 8th in an operation led by the FBI and IRS. Europol provided support by linking available data to various criminal cases within and outside the EU and by tracing cryptocurrency transactions. As bulletproof hosting providers have become a significant component in malware distribution and cybercrime, law enforcement has been actively targeting these platforms. Grabowski now faces charges of computer fraud conspiracy, wire fraud conspiracy, and international money laundering, and if convicted on all charges, could receive 45 years of jail time.