US authorities indicted a Yemeni national on three felony charges for allegedly orchestrating a widespread ransomware campaign that targeted thousands of computer systems worldwide, including critical institutions in the United States.
Rami Khaled Ahmed, 36, also known by the alias “Black Kingdom,” is accused of developing and deploying the eponymous Black Kingdom ransomware to infiltrate networks of businesses, schools, and healthcare organizations. Authorities believe he currently resides in Sana’a, Yemen.
The indictment charges Ahmed with conspiracy to commit computer fraud, intentional damage to a protected computer, and threatening to damage a protected computer.
According to court documents, from March 2021 to June 2023, Ahmed and unidentified co-conspirators exploited a vulnerability in Microsoft Exchange servers to inject malicious software into networks, encrypting or stealing sensitive data.
Among the US-based victims were a medical billing services company in Encino, California; a ski resort in Oregon; a school district in Pennsylvania; and a health clinic in Wisconsin. In each case, victims were presented with ransom notes demanding $10,000 in Bitcoin in exchange for unlocking the compromised data or not releasing it. The notes instructed victims to send cryptocurrency to a digital wallet controlled by a co-conspirator and email proof of payment to a Black Kingdom address.
Prosecutors allege the malware campaign affected approximately 1,500 computer systems globally. If convicted on all counts, Ahmed faces up to 15 years in federal prison.