A 36-year-old Yemeni national has been charged by the United States over the ransomware attacks he allegedly launched against organizations in the US and elsewhere.
The suspect, Rami Khaled Ahmed, is believed to be behind Black Kingdom ransomware attacks. Authorities said he delivered his malware to roughly 1,500 systems, including ones belonging to schools, hospitals and businesses.
He has been charged with conspiracy, intentional damage to a protected computer, and threatening damage to a protected computer.
He faces up to five years in prison for each charge. However, he is believed to be located in Yemen and it remains to be seen if he will ever be prosecuted in the United States.
According to the DoJ, Ahmed developed and deployed the Black Kingdom ransomware. The charges focus on attacks launched by the Yemeni national and others between March 2021 and June 2023.
Black Kingdom, aka Pydomer, made headlines in 2020 and 2021, when it targeted systems through the exploitation of Microsoft Exchange and Pulse Secure VPN vulnerabilities.
While the ransom note dropped by Black Kingdom on compromised systems mentioned data theft, the ransomware appears to have focused on encrypting files. Black Kingdom does not appear to have had a leak website to name victims and leak stolen data.
Security experts noted back in mid-2021 that the development of the Black Kingdom malware seemed amateurish and it was possible to recover encrypted files without paying a ransom.
The Black Kingdom ransomware has not made any headlines since 2021.
Related: LockBit Ransomware Mastermind Unmasked, Charged
Related: Ukrainian Nefilim Ransomware Affiliate Extradited to US
Related: Authorities Disrupt 8Base Ransomware, Arrest Four Russian Operators