E. Martin Estrada, U.S. Attorney | U.S. Attorney's Office for the Central District of California
A 36-year-old Yemeni man, Rami Khaled Ahmed, known as "Black Kingdom," has been indicted by a federal grand jury for his alleged involvement in deploying ransomware against computer systems globally, targeting entities such as businesses, schools, and hospitals in the U.S. The indictment, issued in Los Angeles, encompasses one count of conspiracy, one count of intentional damage to a protected computer, and one count of threatening damage to a protected computer. Ahmed is believed to be in Yemen.
The indictment details that from March 2021 to June 2023, Ahmed, along with others, infected several U.S. computer networks, including organizations such as a medical billing company in Encino, California, a ski resort in Oregon, a Pennsylvania school district, and a Wisconsin health clinic. They used Black Kingdom ransomware to exploit a vulnerability in Microsoft Exchange, which either encrypted data on victims’ networks or purportedly extracted it. Victims were then directed to pay a $10,000 Bitcoin ransom to a cryptocurrency address managed by a co-conspirator and to send confirmation to a specific Black Kingdom email.
The conspirators reportedly transmitted the ransomware to about 1,500 computer systems in the United States and elsewhere. The charges are currently allegations, and Ahmed is presumed innocent until proven guilty. If convicted, he could face a maximum sentence of five years in federal prison for each count.
The FBI, with assistance from the New Zealand Police, is investigating the case. Prosecutors handling the case are Assistant U.S. Attorneys Angela C. Makabali and Alexander Gorin from the Cyber and Intellectual Property Crimes Section.