Black Kingdom Ransomware Developer, a Yemeni Resident Charged by the U.S. DOJ

• A man residing in Yemen has been charged three counts including developing and deploying ransomware
• Rami Khaled Ahmed allegedly targeted approximately 1,500 computer systems
• Ahmed is suspected to have launched the Black Kingdom ransomware and demanded $10K in ransom

A member of the ransomware group Black Kingdom has been charged by the Department of Justice (DOJ) for targeting businesses, schools, and medical clinics in the U.S. with malware. Ahmed along with his accomplice targeted U.S.-based companies and others amounting to about 1,500 cyber attacks.

Rami Khaled Ahmed, 36, believed to be a Yemeni national is suspected to be a member of the group deploying the Black Kingdom malware on systems including Encino, a medical billing services company in the San Fernando Valley.

Among the targets were a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin among others, a press release by the DOJ stated.

Ahmed also developed the Black Kingdom ransomware which was used to exploit Microsoft Exchange vulnerabilities. The ransomware encrypted computer data and left a ransom note on the machine demanding a ransom of $10,000 worth of Bitcoin.

It would post a cryptocurrency address by the group members. Victims were threatened to pay the ransom and were forced to email screenshots of payment details as proof.

He is charged in three-counts including conspiracy, intentional damage to a protected computer, and threatening to damage a protected computer. If proven guilty, Ahmed stands a maximum sentence of five years for each count of fraud.

The matter is still under investigation with assistance from the New Zealand Police.