A Yemeni man has been charged in a federal indictment accusing him of deploying "Black Kingdom" ransomware to extort businesses, schools, and medical clinics. The indictment, presented in Los Angeles, involves charges against Rami Khaled Ahmed, 36, who also goes by the alias "Black Kingdom." Ahmed, from Sana’a, Yemen, faces allegations of conspiracy, intentional damage to a protected computer, and threatening damage to a protected computer. He is believed to be in Yemen.
The charges state that Ahmed, along with others, introduced the Black Kingdom ransomware to computer networks belonging to various U.S. victims from March 2021 to June 2023. These victims include a medical billing services company in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin. Ahmed allegedly developed and used the malware, exploiting a vulnerability in Microsoft Exchange systems.
The ransomware either encrypted data on the victims' networks or claimed to have extracted it. Subsequently, a ransom note appeared on the affected system, demanding $10,000 worth of Bitcoin be sent to a specific cryptocurrency address. Victims were also instructed to send confirmation of payment to a designated email.
It is alleged that the Black Kingdom conspirators transmitted the malware to about 1,500 computer systems in the United States and elsewhere.
The indictment against Ahmed is an allegation, and he is presumed innocent until proven guilty in court. If found guilty, Ahmed faces a potential sentence of up to five years in federal prison for each count.
The FBI, with help from the New Zealand Police, is involved in the investigation. Assistant United States Attorneys Angela C. Makabali and Alexander Gorin from the Cyber and Intellectual Property Crimes Section are leading the prosecution.