US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
A 36-year-old Yemeni national who is believed to be the developer and primary operator of Black Kingdom ransomware has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers.

The suspect, Rami Khaled Ahmed, is accused of deploying the Black Kingdom malware on roughly 1,500 computers in the United States and abroad, demanding ransom payments of $10,000 in Bitcoin.

"According to the indictment, from March 2021 to June 2023, Ahmed and others infected computer networks of several US-based victims, including a medical billing services company in Encino, a ski resort in Oregon, a school district in Pennsylvania, and a health clinic in Wisconsin," explains a US Department of Justice announcement.

"When the malware was successful, the ransomware then created a ransom note on the victim's system that directed the victim to send $10,000 worth of Bitcoin to a cryptocurrency address controlled by a co-conspirator and to send proof of this payment to a Black Kingdom email address," reads another part of the announcement.

The US DoJ highlights that Ahmed designed Black Kingdom ransomware to exploit a vulnerability in Microsoft Exchange for initial access to targeted computers.

This was first reported in March 2021 by researcher Marcus Hutchins, who discovered web shells deployed by Black Kingdom ransomware operators on Exchange servers vulnerable to ProxyLogon attacks.

The ProxyLogon flaw refers to a set of critical vulnerabilities in Microsoft Exchange Server that were first disclosed and exploited in early 2021.

The flaws are CVE-2021-26855 (Server-Side Request Forgery, used for initial access), CVE-2021-26857 (insecure deserialization, used for privilege escalation to SYSTEM), and CVE-2021-26858 and CVE-2021-27065 (arbitrary file write, used for writing web shells to servers).

Soon, Microsoft confirmed that Black Kingdom had compromised 1,500 Exchange servers by leveraging ProxyLogon flaws.

In June 2020, it was revealed that Black Kingdom targeted CVE-2019-11510, a critical vulnerability affecting Pulse Secure VPN, to breach corporate networks and deploy their file lockers.

For his Black Kingdom attacks, Ahmed now faces charges of conspiracy, intentional damage to a protected computer, and threatening damage to a protected computer.

If convicted, Ahmed faces a statutory maximum sentence of five years in federal prison for each count, totaling up to 15 years.

The US DoJ states that Ahmed is believed to be residing in Yemen.