CyberSecurity news
@cyberalerts.io
The United States has indicted a 36-year-old Yemeni national, Rami Khaled Ahmed of Sana'a, believed to be the developer and primary operator of the 'Black Kingdom' ransomware. The charges stem from approximately 1,500 attacks conducted against Microsoft Exchange servers globally. Ahmed is accused of deploying the Black Kingdom malware on these systems between March 2021 and June 2023, targeting businesses, schools, and hospitals within the U.S. and elsewhere. He faces one count of conspiracy, one count of intentional damage to a protected computer, and one count of threatening damage to a protected computer.
The attacks involved exploiting a vulnerability in Microsoft Exchange Server known as ProxyLogon, identified as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. This allowed Ahmed and his co-conspirators to gain access to vulnerable networks, encrypt data, or claim to have stolen information. Victims were then instructed to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator as ransom for decryption. They were also allegedly asked to send proof of payment to a Black Kingdom email address.
Cybersecurity experts described Black Kingdom ransomware as somewhat rudimentary, characterizing the attacker as a "motivated script-kiddie" leveraging ProxyLogon to deploy web shells and PowerShell commands. The indictment underscores the ongoing cybersecurity challenges posed by ransomware and highlights the importance of patching vulnerabilities promptly to prevent exploitation. If convicted, Ahmed faces a maximum sentence of five years in federal prison for each count. The FBI, with assistance from the New Zealand Police, is conducting the investigation.