Cybercriminals Operating Major Ransomware Hosting Service Arrested In Poland

By SCARS Editorial Team – Society of Citizens Against Relationship Scams Inc., portions Department of Justice and Europol
Cybercriminals Running Bulletproof Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware

Cybercriminals Running ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of ‘NetWalker’ Ransomware

U.S. Authorities, along with Europol Announce Court-Authorized Seizure of LolekHosted.net

5 European cybercriminals were also arrested!

Table of contents

An indictment was unsealed yesterday in Tampa, Florida, USA charging a Polish national with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of “bulletproof” web hosting services that facilitated the operation of ransomware attacks and the subsequent laundering of the illicit proceeds.

  • U.S. Prosecutors seized a ransomware hosting service with the help of European law enforcement, arrested 5, and the U.S. charged its founder with wire fraud and computer fraud over his role in extorting 5,000 bitcoin, worth nearly $146 million at today’s prices, in ransom.
  • The service, LolekHosted, allegedly powered ransomware attacks around the world for nearly a decade.
  • The Polish founder, Artur Grabowski, remains a fugitive in possession of nearly $22 million in ill-gotten gains, U.S. federal prosecutors allege.

The Story

United States Federal prosecutors announced that they had indicted the alleged mastermind behind a ransomware hosting service, a cybercriminal accused of aiding criminals in accumulating over 5,000 bitcoin in ransom from numerous victims. The current valuation of this Bitcoin stash exceeds $146 million.

He was able to operate for approximately a decade. Artur Grabowski’s LolekHosted service presented itself as a safe haven for various online cybercriminal activities, except for illicit content like child pornography, as stated by prosecutors in Florida. This platform reportedly facilitated the deployment of ransomware viruses by clients, which managed to infiltrate around 400 networks globally. Ransomware attacks commonly involve encrypting data on a victim organization’s computers, rendering them unusable until a ransom is paid.

The accused Polish citizen Grabowski and his alleged co-conspirators (5 were arrested) are said to have ignored law enforcement requests, shielded criminal elements from takedowns, and gained substantial profits from their service.

Grabowski is facing charges related to computer fraud, wire fraud, and conspiracy to commit international money laundering. Furthermore, a seizure order totaling $21.5 million has been issued against him.

The indictment against Grabowski was revealed in a Florida court on Wednesday, yet he currently remains at large.

According to the charging document, three other co-conspirators remain unindicted and unnamed in the scheme.

The “100% privacy hosting” service that Grabowski operated was seized by the IRS’ Criminal Investigation unit and the Federal Bureau of Investigation on Tuesday, August 8th. A citizen of Poland, Grabowski could face a maximum prison term of 45 years if he is apprehended and convicted.

Federal prosecutors have significantly escalated their efforts to counter ransomware attacks. Earlier this year, the Justice Department introduced a dedicated unit focused on combatting cyber threats to national security.

While numerous ransomware prosecutions have been disclosed in U.S. courts, the global dispersion of these perpetrators makes it uncertain how many will ultimately face incarceration.

According to the U.S. Court Documents:

Artur Karol Grabowski, 36, operated a web hosting company named LolekHosted. Through LolekHosted, Grabowski provided “bulletproof” webhosting services, which is secure web hosting designed to facilitate malicious and criminal activities, including ransomware, brute-force attacks, and phishing. Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement. Grabowski registered the domain “LolekHosted.net” in 2014, and advertised that its services were “bulletproof,” provided “100% privacy hosting,” and allowed clients to host “everything except child porn.”

The NetWalker ransomware was one of the ransomware variants facilitated by LolekHosted. The NetWalker ransomware was deployed on approximately 400 victim company networks, including municipalities, hospitals, law enforcement and emergency services, school districts, colleges, and universities, which resulted in the payment of more than 5,000 bitcoin in ransoms (currently valued at approximately $146 million). LolekHosted clients used its services to execute approximately 50 NetWalker ransomware attacks on victims located all over the world, including in the Middle District of Florida. Specifically, clients used the servers of LolekHosted as intermediaries when gaining unauthorized access to victim networks, and to store hacking tools and data stolen from victims.

On Aug. 8, U.S. authorities seized LolekHosted.net, the domain name LolekHosted used for nearly a decade. Visitors to LolekHosted.net will now find a seizure banner that notifies them that the domain name has been seized by federal authorities. The U.S. District Court for the Middle District of Florida issued the seizure warrant.

If convicted on all counts, Grabowski faces a maximum penalty of 45 years in prison. The indictment also notifies Grabowski that the United States is seeking an order of forfeiture in the amount of $21.5 million, the proceeds of the charged criminal conduct. Grabowski remains a fugitive.

Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division and U.S. Attorney Roger B. Handberg for the Middle District of Florida made the announcement.

The FBI Tampa Field Office is investigating the case, with assistance from the IRS Criminal Investigation Cyber Crimes Unit.

Trial Attorney Sonia V. Jimenez of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Carlton C. Gammons and Suzanne Nebesky for the Middle District of Florida are prosecuting the case.

Substantial assistance was provided by the Justice Department’s Office of International Affairs and the FBI’s Legal Attaché Office in Warsaw, Poland. Polish authorities also provided substantial assistance.

According to Europol:

5 arrested in Poland for running bulletproof hosting service for cybercrime gangs

the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world.

Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available.

This latest success in the fight against cybercrime follows a complex investigation supported by Europol and the US Federal Bureau of Investigation (FBI).

Criminal hideouts for lease

Bulletproof hosting is a service in which an online infrastructure is offered, and operators will generally turn a blind eye to what customers use their rented domains for.

However, being willing to ignore the transgressions of clients does not mean that law enforcement will take the same stance.

The complex investigation into LolekHosted.net revealed how the service facilitated the distribution information-stealing malware, and also the launching of DDoS (distributed denial of service) attacks, fictitious online shops, Botnet server management and distribution of spam messages worldwide.

The suspects marketed privacy as a key feature of this service, using slogans such as “You can host anything here!” and “no-log policy”. Payments were to be made in cryptocurrencies.

European coordination

Europol’s European Cybercrime Centre (EC3) provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through operational analysis, crypto tracing, and forensic analysis.

The Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s headquarters facilitated the information exchange. This standing operational team consists of cybercrime liaison officers from different countries who work on high-profile cybercrime investigations.

Resources:

Police dismantled cybercriminals bulletproof hosting service provider Lolek Hosted

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

More ScamsNOW.com Articles

SCARS LINKS:   AgainstScams.org    RomanceScamsNOW.com    ContraEstafas.org    ScammerPhotos.com    Anyscam.com    ScamsNOW.com

reporting.AgainstScams.org    support.AgainstScams.org    membership.AgainstScams.org    donate.AgainstScams.org    shop.AgainstScams.org

youtube.AgainstScams.org    linkedin.AgainstScams.org    facebook.AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Rleationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org