Ethical Hacking News
US authorities have indicted Black Kingdom ransomware admin Rami Khaled Ahmed for his alleged role in carrying out 1,500 attacks on Microsoft Exchange servers worldwide. If convicted, he faces up to five years in federal prison for each charge.
Rami Khaled Ahmed, also known as "Black Kingdom," has been indicted for carrying out 1,500 attacks on Microsoft Exchange servers worldwide. Ahmed deployed Black Kingdom ransomware against computer servers owned by organizations globally, with the FBI collaborating with New Zealand Police to investigate. The indictment states that Ahmed and others infected computer networks of several US-based victims between March 2021 and June 2023. If convicted, Ahmed faces up to five years in federal prison for each charge. The Black Kingdom ransomware operation is believed to have originated in late February 2020. International cooperation is crucial in combating cybercrime, as demonstrated by the collaboration between US authorities and the New Zealand Police.
The world of cybersecurity has witnessed numerous high-profile attacks and malicious operations in recent years. One such case that has garnered significant attention is the indictment of a 36-year-old Yemeni national, Rami Khaled Ahmed, also known as "Black Kingdom," for his alleged role in carrying out 1,500 attacks on Microsoft Exchange servers worldwide. This article aims to delve into the details of this case and explore the implications of such malicious activities.
According to recent reports, US authorities have indicted Ahmed for his involvement in deploying Black Kingdom ransomware against computer servers owned by organizations globally. The FBI is collaborating with the New Zealand Police to investigate this matter further. It is worth noting that Ahmed is believed to be residing in Yemen.
The indictment states that from March 2021 to June 2023, Ahmed and others infected computer networks of several US-based victims, including a medical billing services company in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin. The ransomware either encrypted data from victims' computer networks or claimed to take that data from the networks.
When the malware was successful, it created a ransom note on the victim's system directing them to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment to a Black Kingdom email address. If convicted, Ahmed faces up to five years in federal prison for each charge.
The Black Kingdom ransomware operation is believed to have originated in late February 2020, when security researcher GrujaRS first spotted it. The ransomware encrypts files and appends the .DEMON extension to filenames of the encrypted documents. In June 2020, the group started targeting organizations using unpatched Pulse Secure VPN software to deploy their malware.
In March 2021, the group expanded its operations by leveraging the publicly available ProxyLogon PoC exploit code, which allowed it to target vulnerable Exchange mail servers. The well-known researcher Marcus Hutchins was among the first to report on the activity of the Black Kingdom group.
Hutchins pointed out that the ransomware gang initially dropped a ransom note demanding a payment of $10,000 worth of Bitcoin but failed to encrypt files. However, the group later fixed its problems and can now encrypt the files on compromised Exchange servers.
In light of this case, it is essential for organizations worldwide to take proactive measures to protect themselves against such attacks. This includes keeping all software up to date, implementing robust security protocols, and conducting regular cybersecurity audits.
Furthermore, the indictment highlights the importance of international cooperation in combating cybercrime. The collaboration between US authorities and the New Zealand Police demonstrates a concerted effort to address this growing threat.
In conclusion, the indictment of Rami Khaled Ahmed for his alleged role in carrying out 1,500 attacks on Microsoft Exchange servers serves as a stark reminder of the dangers posed by ransomware operations worldwide. As cybersecurity threats continue to evolve, it is crucial that organizations and governments work together to develop effective strategies to combat these malicious activities.
Published: Sun May 4 20:01:44 2025 by llama3.2 3B Q4_K_M