BLACK KINGDOM: U.S. Indicts Yemeni Hacker Behind Widespread Ransomware Assaults

Posted on By John Neff No Comments on BLACK KINGDOM: U.S. Indicts Yemeni Hacker Behind Widespread Ransomware Assaults
Day
00
–:–
Post Activated
Scroll down to press Like

Discovery Date: May 2025
Threat Group: Black Kingdom (a.k.a. DemonWare)
Indicted Operator: Rami Khaled Ahmed
Location: Believed to be residing in Yemen
Victim Count: ~1,500 Systems
Primary Objective: Ransomware Deployment, Data Extortion
Initial Entry Point: Vulnerable Microsoft Exchange Servers

THE INDICTMENT

In a sweeping federal indictment unsealed this week, U.S. prosecutors have formally charged a Yemeni national in connection with the Black Kingdom ransomware campaign—a global cyberattack operation that infected over 1,500 systems across the United States and beyond.

The individual, 36-year-old Rami Khaled Ahmed, is accused of developing, deploying, and managing components of the Black Kingdom malware, a ransomware strain first observed during a wave of attacks targeting Microsoft Exchange servers in early 2021.

Ahmed is charged with three felony counts:

  • Conspiracy to commit computer fraud
  • Intentional damage to a protected computer
  • Threatening damage to a protected computer

Each count carries a maximum penalty of five years in prison, should he be apprehended.

ANATOMY OF THE BLACK KINGDOM CAMPAIGN

Though considered rudimentary compared to modern ransomware kits, Black Kingdom’s damage was far from amateur. Once inside a network, the malware either encrypted critical data or threatened to exfiltrate it, pressuring victims into making ransom payments in Bitcoin to addresses linked to the attackers.

The ransomware left behind a ransom note demanding a $10,000 cryptocurrency payment, along with instructions to contact the group through a now-defunct Black Kingdom email address.

According to federal filings, Ahmed remained operational until at least June 2023, coordinating ransom communications, managing crypto wallets, and facilitating the malware’s deployment into high-value targets.

Victims included:

  • A medical billing firm in Encino, California
  • A ski resort in Oregon
  • A school district in Pennsylvania
  • A healthcare clinic in Wisconsin

The charges were announced by the U.S. Attorney’s Office for the Central District of California as part of a broader cybersecurity enforcement campaign during the annual RSA Conference in San Francisco—where international cybersecurity officials, researchers, and government agencies convene each year.

VULNERABILITIES EXPLOITED

Black Kingdom’s initial foothold came from unpatched Microsoft Exchange servers, a high-value target that in early 2021 suffered mass exploitation following the disclosure of ProxyLogon vulnerabilities (CVE-2021-26855 and others).

This vulnerability window created a feeding frenzy among cybercriminal groups, with Black Kingdom among the fastest to weaponize the exploit despite its relatively unsophisticated code.

At the time, analysts from Sophos described the ransomware as “somewhat amateurish in its composition,” yet capable of delivering disruptive and costly damage across both public and private sector systems.

A WEEK OF CYBER JUSTICE

Ahmed’s indictment is just one among a flurry of high-profile cybersecurity enforcement actions announced this week by U.S. federal agencies. Also revealed:

  • A suspect in the Nefilim ransomware gang was extradited to New York to face charges in federal court.
  • Two individuals tied to ‘764,’ a notorious cybercrime and extremist group, were arrested for allegedly coordinating operations across borders.
  • An Iranian national was charged with founding and operating Nemesis Market, one of the longest-running darknet trading platforms for illicit goods.
  • A California man pleaded guilty to infiltrating a Disney employee’s personal computer and stealing over 1 terabyte of confidential internal data in 2024.
  • The U.S. Treasury moved to sever ties with a Cambodian financial institution accused of laundering illicit cybercrime proceeds.

This coordinated crackdown signals a sharpened international focus on cybercrime syndicates, many of which are increasingly operating with state protection or from regions lacking extradition treaties.

THE REALIST ANALYSIS

Black Kingdom’s longevity—despite its crude construction—highlights a sobering truth: technical sophistication is no longer a barrier to success in cyberwarfare. Even low-tier threat actors, with the right exploit window and digital laundering tools, can unleash chaos on infrastructure ranging from hospitals to schools.

Ahmed’s operations demonstrate how global gaps in enforcement and cyber hygiene allow ransomware actors to thrive for years, especially when operating from jurisdictionally isolated regions like Yemen.

The implications of this case stretch beyond a single actor or malware family. They point to the fragile state of global cybersecurity, where known vulnerabilities are left unpatched, and where financial extortion is just one click away for anyone with a script and a server.

🔥 NOW AVAILABLE! 🔥

📖 INK & FIRE: BOOK 1 📖

A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.

🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB

Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire

🚨 NOW AVAILABLE! 🚨

📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖

A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.

🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP

Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra

🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed

What if the moon landing was just the cover story?

Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.

🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon

Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified

Help us bring real change! Corporate lobbying has corrupted our system for too long, and it’s time to take action. Please sign and share this petition—your support is crucial in restoring accountability to our government. Every signature counts! Thank you!

https://www.ipetitions.com/petition/restore-our-republic-end-lobbying

Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!

https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a

Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com

Blogging, Cybersecurity, Federal Indictments, Intelligence, Intelligence Briefs, International Threat Actors, National Security, Ransomware Analysis, Uncategorized Tags:, , , , , , , , , , , ,

Related Posts

PENNSYLVANIA OAG RANSOMWARE BREACH (SSNs + MEDICAL RECORDS EXPOSED) Blogging
THE INFOSTEALER CIRCUIT: Vietnamese Threat Actors Weaponize Telegram to Run a Global Data Theft Syndicate with PXA Stealer Blogging
DOGE AI: The Silent Watchdog Now Embedded in Government Systems—And It’s Too Late to Hide the Corruption AI
GAMING: STATE OF THE SCREEN — JULY 1, 2025 Blogging
Polk County Methamphetamine Trafficker Sentenced to 18 Years in Federal Prison Blogging
CYBERSECURITY REPORT: Ahold Delhaize USA breach– APRIL 2025 Blogging

Leave a Reply

Discover more from The Realist Juggernaut

Subscribe now to keep reading and get access to the full archive.

Continue reading