The United States Attorney’s Office has formally charged 36-year-old Yemeni Rami Khaled Ahmed with organizing and deploying the Black Kingdom malware. The software is alleged to have compromised at least 1,500 computer systems in the United States over a two-year period, including hospitals, schools and businesses.
According to the U.S. Attorney’s Office for the Central District of California, Ahmed and his accomplices exploited vulnerabilities in Microsoft Exchange to install the Black Kingdom ransomware on victims’ computers between March 2021 and June 2023. The victims included a medical billing company in California, a ski resort in Oregon, a school district in Pennsylvania and a medical center in Wisconsin.
The malware either encrypted data or claimed to have stolen it, accompanied by a note demanding $10,000 in Bitcoin. The money was to be deposited into an accomplice’s crypto wallet, with confirmation of the transaction required to be sent to a specially created mailbox belonging to the Black Kingdom group.
If arrested and convicted, Ahmed faces up to 15 years in prison — five years each on each of the charges: conspiracy, willful damage to a protected computer, and threat of such damage.
Black Kingdom first gained attention in 2021, when Sophos experts described the malware as “amateurish but dangerous.” The software spread rapidly through corporate email servers. The investigation was conducted by US and New Zealand law enforcement agencies in close cooperation.
In 2025, the US government continues to actively fight cybercrime: during the week, a member of the Nefilim group was also extradited, the developer of Nemesis Market was indicted, and members of the international hacker group 764 were arrested.
81 
56 
83 