US indicts Yemeni man in Black Kingdom ransomware attacks | The Record from Recorded Future News

The U.S. Attorney's Office for the Central District of California announced charges Thursday against Rami Khaled Ahmed for allegedly helping to develop and deploy Black Kingdom, which spread to “approximately 1,500 computer systems” in the U.S. and elsewhere. A 36-year-old man believed to be residing in Yemen participated in the Black Kingdom ransomware operation over a prolific two-year span, U.S. prosecutors said this week. The U.S. victims included a medical billing services company in Encino, California, as well as a ski resort in Oregon, a school district in Pennsylvania and a health clinic in Wisconsin, prosecutors said. Cybersecurity researchers warned about a burst of activity of Black Kingdom in March 2021 as the gang targeted Microsoft Exchange servers. “The ransomware either encrypted data from victims’ computer networks or claimed to take that data from the networks,” prosecutors said. If apprehended, he faces three charges: one count of conspiracy, one count of intentional damage to a protected computer and one count of threatening damage to a protected computer. Ahmed was part of the operation from March 2021 until at least June of 2023, prosecutors said. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

This Cyber News was published on therecord.media. Publication date: Fri, 02 May 2025 19:15:16 +0000


Cyber News related to US indicts Yemeni man in Black Kingdom ransomware attacks | The Record from Recorded Future News

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks - This was first reported in March 2021 by researcher Marcus Hutchins, who discovered web shells deployed by Black Kingdom ransomware operators on Exchange servers vulnerable to ProxyLogon attacks. A 36-year-old Yemeni national, who is believed to ...
4 weeks ago Bleepingcomputer.com CVE-2019-11510
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
Yemeni Man Charged in U.S. for Black Kingdom Ransomware Deployed on Schools & Business Networks - When the malware was successful, the ransomware then created a ransom note on the victim’s system that directed the victim to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment ...
4 weeks ago Cybersecuritynews.com
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
1 year ago Therecord.media FIN7 Black Basta
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Qilin Black Basta
US indicts Yemeni man in Black Kingdom ransomware attacks | The Record from Recorded Future News - The U.S. Attorney's Office for the Central District of California announced charges Thursday against Rami Khaled Ahmed for allegedly helping to develop and deploy Black Kingdom, which spread to “approximately 1,500 computer systems” in the ...
4 weeks ago Therecord.media
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Black Hat Europe 2023 Closes on Record-Breaking Event in London - PRESS RELEASE. LONDON, Dec. 20, 2023 - Black Hat, the cybersecurity industry's most established and in-depth security event series, today announced the successful completion of the in-person component of Black Hat Europe 2023. The event welcomed more ...
1 year ago Darkreading.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
1 year ago Packetstormsecurity.com LockBit Black Basta
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
1 year ago Heimdalsecurity.com FIN7 Black Basta
British company Advanced fined £3m by privacy regulator over ransomware attack | The Record from Recorded Future News - His comments followed a series of ransomware incidents affecting the healthcare sector last year, including one in which every single household in the Scottish region of Dumfries and Galloway received a letter warning residents that their data was ...
2 months ago Therecord.media LockBit
Notorious Black Basta Tactics, Techniques and Procedures Uncovered From Leak - This security breach rivals the 2022 leaks that affected the Conti ransomware gang and has given threat intelligence experts valuable information about Black Basta’s capabilities, tools, and motivations. According to threat hunters at Intel471 ...
2 months ago Cybersecuritynews.com Black Basta Hunters
Broadcom Merging Carbon Black, Symantec to Create Security Unit - Carbon Black's uncertain future following the closing of Broadcom's $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom's new Enterprise Security Group. The creation ...
1 year ago Securityboulevard.com
Black Kite Unveils Monthly Ransomware Dashboards - PRESS RELEASE. Boston, MA - January 24, 2023 - Black Kite, the leader in third-party cyber risk intelligence, today unveiled the industry's first monthly ransomware dashboard, featuring crucial insights for security teams, media, analysts, and other ...
1 year ago Darkreading.com 8base LockBit Akira Werewolves
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
1 year ago Darkreading.com FIN7 Black Basta
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Learn How to Decrypt Black Basta Ransomware Attack Without Paying Ransom - Researchers have created a tool designed to exploit a vulnerability in the Black Basta ransomware, allowing victims to recover their files without succumbing to ransom demands. This decryption tool potentially provides a remedy for individuals who ...
1 year ago Cysecurity.news FIN7 Black Basta
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Metaencryptor Black Basta
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
1 year ago Bleepingcomputer.com Black Basta