The U.S. government has charged a Yemeni man for launching widespread Kingdom ransomware attacks that crippled systems across schools, hospitals, and businesses.
Rami Khaled Ahmed, 36, is accused of creating and spreading the ransomware between 2021 and 2023. He allegedly infected around 1,500 computers in the U.S. and other countries.
Federal officials said Ahmed used the malware to lock files and demand payment from victims. He also sent threats promising more damage if his demands weren’t met.
The Department of Justice (DoJ) revealed three criminal charges against him: conspiracy, causing intentional damage to protected computers, and issuing threats related to computer damage. Each count could carry up to five years in prison.
However, Ahmed is believed to be in Yemen. It’s uncertain if he will face prosecution in a U.S. courtroom.
Kingdom ransomware, also known as Pydomer, first appeared in 2020. It gained attention by exploiting weaknesses in Microsoft Exchange and Pulse Secure VPN.
Security experts who studied it said the ransomware wasn’t very advanced. Victims could often recover their data without paying, due to flaws in how it encrypted files.
Unlike larger ransomware groups, Kingdom ransomware didn’t leak stolen data online. Its ransom notes threatened data theft, but most attacks focused on locking files, not stealing them.
The malware hasn’t made headlines since 2021. But with these charges, authorities show they are still hunting cybercriminals long after attacks stop.
