The multi-tasking physician ran a Ransomware-as-a-Service and rented dangerous ransomware to cybercriminals.
The US Department of Justice has unsealed a criminal complaint against French-Venezuelan Moises Luis Zagala Gonzalez for developing two dangerous ransomware strains: Thanos and Jigsaw v.2.
The cardiologist reportedly conducted computer intrusions and created ransomware for cybercriminals. He faces up to five years in prison for computer intrusion and another five years for conspiracy to commit computer intrusions.
According to the DoJ, Zagala operated under different nicknames such as “Nebuchadnezzar,” “Aesculapius,” and “Nosophoros,” and had a crew of 5 to 20 people.
A Brooklyn federal court stated that the 55-year-old accused designed numerous tools for cybercriminals specifically to facilitate ransomware attacks. Federal investigators revealed that Zagala started renting out and selling his ransomware creations in 2019 and offered “extensive customer service” to help cybercriminals understand how to use the tools against their victims “most effectively.”
The US Attorney Breon Peace stated in a press release that the accused “boasted about successful attacks, including by malicious actors associated with the government of Iran.”
Jigsaw v.2 and Thanos Ransomware Details
According to the Federal Bureau of Investigation, the accused developed a second version of the infamous Jigsaw ransomware by updating the older program created by another party.
Furthermore, Zagala developed Thanos and named it after the Marvel supervillain. DoJ’s press release affirmed that Zagala had “profit-sharing” agreements with the cybercriminals who used these tools.
Jigsaw v.2 allowed users to monitor the number of times victims attempted to remove the malware. According to the DoJ, Zagala said that if the victim tried to remove the ransomware too many times, the malware would attempt to erase the whole hard drive; Jigsaw v.2 could also delete 1,000 files to punish the victim. Emsisoft released a decryptor for Jigsaw v.2 in 2019.
Thanos’ features include a customizable ransom note and the ability to choose which files are encrypted. It offers several options for hiding the malicious code from antivirus software. Zagala sold Thanos under a licensing model, renting it out, and ran an affiliate program that let affiliates use the tool in exchange for a share of the profits from successful attacks.
Furthermore, Zagala promoted Thanos on various online hacker forums. In his ads, the ‘multi-tasking’ Ciudad Bolivar, Venezuela, resident bragged that his ransomware was ‘nearly undetectable’. After encrypting the files, it deletes itself, which makes ‘detection and recovery almost impossible’ for the victims.