The US Department of Justice has unsealed an indictment of a 36-year-old Polish national Artur Karol Grabowski for allegedly operating a bulletproof hosting company LolekHosted.
The LolekHosted service was dismantled last week by the Polish authorities, with five of its key administrators arrested and the provider’s servers seized.
The authorities said that LolekHosted, which has been in operation since 2014, provided malicious actors with “bulletproof” webhosting services that they used for various nefarious activities such as malware distribution (including the NetWalker ransomware), DDoS attacks, email spam campaigns, and scam operations.
According to the DoJ, threat actors used LolekHosted to execute about 50 NetWalker ransomware attacks against multiple organizations across the globe.
“Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement,” the DoJ said. “Grabowski registered the domain “LolekHosted.net” in 2014, and advertised that its services were “bulletproof,” provided “100% privacy hosting,” and allowed clients to host “everything except child porn.”
LolekHosted’s operator was charged with computer fraud conspiracy, wire fraud conspiracy, and international money laundering. He could face up to 45 years in prison, if found guilty.