A Yemeni national, who goes by the moniker "Black Kingdom," has been indicted on charges of unleashing ransomware that wreaked havoc on numerous U.S. institutions, including hospitals and schools. The U.S. Department of Justice announced that Rami Khaled Ahmed, a 36-year-old from Sana'a, Yemen, is facing three federal charges: conspiracy, intentional damage to a protected computer, and threatening to cause damage to a protected computer.
The indictment details an operation spanning from March 2021 to June 2023, where Ahmed and his associates targeted several American organizations and deployed the Black Kingdom ransomware to exploit a known vulnerability in Microsoft Exchange, causing data encryption or transmission of data from the victims' computer networks and demanded $10,000 in Bitcoin to a cryptocurrency address to decrypt the data. Among the affected were a medical billing company based in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a clinic in Wisconsin.
Allegedly, around 1,500 computer systems in the United States and other countries have felt the sting of the Black Kingdom malware, according to the indictment, which is a mere allegation, and all defendants in such cases are presumed innocent until proven guilty in a court of law. If convicted on all counts, Ahmed could face up to 15 years in a federal prison, as each count carries a maximum sentence of five years.
The investigation, which brought these charges to light, involved collaboration between the FBI and the New Zealand Police, while Assistant United States Attorneys Angela C. Makabali and Alexander Gorin of the Cyber and Intellectual Property Crimes Section handled the prosecution of the case.
