Yemeni National Indicted for Black Kingdom Ransomware Attacks

The U.S. Department of Justice (DOJ) has unsealed a three-count federal grand jury indictment against Rami Khaled Ahmed, a 36-year-old Yemeni national, accusing him of being the mastermind behind the “Black Kingdom” ransomware campaign that targeted hospitals, schools, and businesses across the United States and abroad.

According to the DOJ, Ahmed—also known by the alias “Black Kingdom”—has been charged with conspiracy, intentional damage to protected computers, and threatening damage to protected computers. He is believed to be residing in Sana’a, Yemen, and is currently at large.

From March 2021 to June 2023, Ahmed and his co-conspirators conducted a ransomware spree, compromising the systems of numerous U.S.-based organizations. The indictment details attacks on:

A medical billing services company in Encino, California
A ski resort in Oregon
A school district in Pennsylvania
A health clinic in Wisconsin

Ahmed’s weapon of choice was a ransomware strain known as Black Kingdom, which exploited known vulnerabilities in Microsoft Exchange servers to gain unauthorized access.

“Ahmed developed and deployed Black Kingdom ransomware to exploit a vulnerability in Microsoft Exchange,” the DOJ explained.

Once inside, the ransomware either encrypted data or exfiltrated sensitive information, and left behind ransom notes demanding payment of $10,000 in Bitcoin, along with instructions to send proof of payment to a designated Black Kingdom email address.

The DOJ alleges that during the operation, the Black Kingdom group infected approximately 1,500 computer systems across the United States and internationally.

If convicted, Ahmed faces a maximum sentence of five years per count, totaling up to 15 years in federal prison.

Rate this post

Related Posts:

Leave a Reply Cancel reply