A 36-year-old Yemeni national, believed to be a developer and primary operator of the ‘Black Kingdom’ ransomware, has been charged by the United States with carrying out attacks on Microsoft Exchange Servers.
The suspect, Rami Khalid Ahmed, is accused of deploying Black Kingdom malware on around 1,500 computers in the United States and abroad, demanding a ransom of $10,000 in bitcoin.
According to prosecutors, “from March 2021 to June 2023, Ahmed and others infected the computer networks of many US-based victims, including a medical billing services company in Encino, a ski resort in Oregon, a school in Pennsylvania, a school district, and a health clinic in Wisconsin,” the US Justice Department announced.
“When the malware was successful, the ransomware created a ransom note on the victim’s system that directed the victim to send $10,000 worth of bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of the payment to a Black Kingdom email address.”
The US DOJ stated that Ahmed designed the Black Kingdom ransomware to exploit a vulnerability in Microsoft Exchange to gain initial access to targeted computers.
This was first reported by researcher Marcus Hutchins in March 2021, who discovered web shells that Black Kingdom ransomware operators had deployed on vulnerable Exchange servers through ProxyLogon attacks.
ProxyLogon is the name given to a set of critical flaws in Microsoft Exchange Server that were disclosed and exploited in early 2021.
The flaws are CVE-2021-26855 (a server-side request forgery used for initial access), CVE-2021-26857 (an insecure deserialization used for privilege escalation), and CVE-2021-26858 and CVE-2021-27065.
Microsoft soon confirmed that Black Kingdom had compromised 1,500 Exchange servers by exploiting the ProxyLogon flaws.
In June 2020, Black Kingdom was found to be targeting CVE-2019-11510, a critical vulnerability affecting Pulse Secure VPN, to breach corporate networks and deploy its file-encrypting malware.
For his Black Kingdom attacks, Ahmed now faces charges of conspiracy, intentional damage to a protected computer, and threatening to damage a protected computer.
If convicted, Ahmed faces a statutory maximum sentence of five years in federal prison for each count, for a total of 15 years.
The US DOJ says Ahmed is believed to be living in Yemen.