“When the malware was successful, the ransomware then created a ransom note on the victim’s system that directed the victim to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment to a Black Kingdom email address,” DOJ said.

A Yemeni national, Rami Khaled Ahmed, aged 36, has been indicted by federal authorities in the Central District of California for allegedly orchestrating a cyberattack campaign using Black Kingdom ransomware to extort victims, the U.S. Department of Justice announced. Ahmed is accused of deploying Black Kingdom malware on approximately 1,500 computer systems across the United States and globally between March 2021 and June 2023.

The ransomware avoided encrypting critical system folders but failed to mark encrypted files, risking data loss from multiple encryptions. The malware encrypted files, appending random extensions like “.DEMON” or “.black_kingdom,” and left ransom notes demanding $10,000 in Bitcoin for decryption keys. Victims faced ransom demands of 0.052 to 0.19 Bitcoin (approximately $500 to $10,000), with payments directed to a static Bitcoin address that saw limited transactions, suggesting low success rates.

Despite its simple design, coded in Python and compiled into Windows executables, it caused significant disruption, with some victims paying ransoms, including one recorded payment of $9,400 in Bitcoin.

Black Kingdom’s 2021 campaign used web shells to access Exchange servers, executing scripts to download ransomware. The ransomware exploited vulnerabilities in Microsoft Exchange servers, allowing attackers to gain remote access, install web shells, and execute malicious scripts.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 03 May 2025 13:15:02 +0000