Yemeni National Charged with Using ‘Black Kingdom’ Ransomware Against Oregon Ski Resort and U.S. Businesses

Crime & Courts
By Lucille McNamara
Gavel - Courtroom - Oregon

A Yemeni national has been charged with using ‘Black Kingdom’ ransomware against computer servers, including a ski resort in Oregon, according to the California U.S. Attorney’s Office.

Rami Khaled Ahmed (36), aka “Black Kingdom,” is believed to be living in Yemen. He is charged with one count each of conspiracy, intentional damage to a protected computer, and threatening to damage a protected computer.

Ahmed allegedly used the ransomware against businesses, schools, and hospitals in the United States between March 2021 and June 2023.

Authorities says Ahmed played a key role in creating and launching the Black Kingdom ransomware, which targeted a vulnerability in Microsoft Exchange systems.

 

Ransomware Demanded $10,000 in Bitcoin

The U.S. Attorney’s Office reported that the ransomware locked victims out of their computer data or threatened to steal it. Once the malware successfully infiltrated a system, it left behind a ransom note demanding $10,000 in Bitcoin.

Victims were instructed to send proof of payment to a Black Kingdom email and transfer the cryptocurrency to a wallet believed to be managed by one of Ahmed’s partners.

Investigators believe the malware was spread to approximately 1,500 computers in the U.S. and internationally.

If found guilty, Ahmed could face up to five years in federal prison for each charge.

The FBI is investigating the matter, assisted by the New Zealand Police.

Prosecutors are Assistant United States Attorneys Angela C. Makabali and Alexander Gorin of the Cyber and Intellectual Property Crimes Section.

Morning Brief Newsletter
Sign up today for our daily newsletter, a quick overview of top local stories and Oregon breaking news delivered directly to your inbox
You can unsubscribe at any time
You might also like More from author
Leave A Reply

Your email address will not be published.