Alleged LolekHosted bulletproof service operator charged in the US

Alleged LolekHosted bulletproof service operator charged in the US

The US Department of Justice has unsealed an indictment of a 36-year-old Polish national Artur Karol Grabowski for allegedly operating a bulletproof hosting company LolekHosted.

The LolekHosted service was dismantled last week by the Polish authorities, with five of its key administrators arrested and the provider’s servers seized.

The authorities said that LolekHosted, which has been in operation since 2014, provided malicious actors with “bulletproof” webhosting services that they used for various nefarious activities such as malware distribution (including the NetWalker ransomware), DDoS attacks, email spam campaigns, and scam operations.

According to the DoJ, threat actors used LolekHosted to execute about 50 NetWalker ransomware attacks against multiple organizations across the globe.

“Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement,” the DoJ said. “Grabowski registered the domain “LolekHosted.net” in 2014, and advertised that its services were “bulletproof,” provided “100% privacy hosting,” and allowed clients to host “everything except child porn.”

LolekHosted’s operator was charged with computer fraud conspiracy, wire fraud conspiracy, and international money laundering. He could face up to 45 years in prison, if found guilty.

Back to the list

Latest Posts

Cyber Security Week in Review: April 25, 2025

Cyber Security Week in Review: April 25, 2025

In brief: A SAP NetWeaver zero-day bug exploited in the wild, DslogdRAT exploits a recent Ivanti flaw, and more.
25 April 2025
ToyMaker: Financially-motivated IAB that sells access to ransomware gangs

ToyMaker: Financially-motivated IAB that sells access to ransomware gangs

ToyMaker is believed to be behind the custom backdoor dubbed ‘LAGTOY.’
24 April 2025
DragonForce and Anubis ransomware ops use novel models to attract affiliates and boost profits

DragonForce and Anubis ransomware ops use novel models to attract affiliates and boost profits

DragonForce introduced a distributed affiliate branding model.
23 April 2025