Skip to content
US names and disgraces Venezuelan doctor as notorious ransomware maker – TechCrunch


The United States has named a Venezuelan cardiologist as the alleged mastermind behind notorious Thanos ransomware.

According to the US Department of Justice, Moises Luis Zagala Gonzalez, 55, created and distributed Thanos software, a ransomware-as-a-service (RaaS) operation that allowed its users to create and deploy their own ransomware variants .

Zagala allegedly sold and rented the ransomware tools to cybercriminals from 2019 and even taught cybercriminals how to use the tools, according to the indictment, teaching threat actors how to design a ransom note, steal the words victim computers and set a bitcoin address for ransom payment. “Zagala provides extensive customer service with its software, advising its clients on the most effective way to use its software against their victims,” the indictment states. The FBI said at least 38 copies of the Thanos tool have been sold.

Zagala has also publicly discussed how his clients have used his tools in ransomware attacks, even posting links to news stories about an Iranian state-sponsored hacking group using Thanos to attack Israeli businesses. . One of the linked reports detailed how the ransomware was used by the hacking group MuddyWater, which US Cyber ​​Command linked earlier this year to Iranian intelligence.

“As alleged, the multitasking doctor treated patients, created and named his cyber tool after death, took advantage of a global ransomware ecosystem in which he sold the tools to carry out ransomware attacks, trained the attackers on how to extort victims and then bragged about successful attacks, including by malicious actors associated with the Iranian government,” said Breon Peace, the U.S. attorney for East New York, where the case was filed.

In addition to creating Thanos, Zagala is accused of creating “Jigsaw v. 2”, a ransomware tool that included a so-called “Doomsday counter” that kept track of the number of times victims attempted to remove the malware. “If the user kills the ransomware too many times, then clearly they won’t pay, so better wipe the entire hard drive,” Zagala wrote, according to the DOJ, adding that 1,000 files would be deleted each time. that a victim restarts his system. .

Zagala’s products were popular with cybercriminals, whom he asked for advice. The DOJ said it found several reviews of its products that touted their effectiveness. One reviewer said they used Zagala’s products to “infect a network of about 3,000 computers” and another user wrote in Russian that they made “good profits” after a month of using the ransomware tools .

The FBI was able to identify Zagala after interviewing a relative whose PayPal account was used to receive illicit profits.

Zagala – who remains in Venezuela – faces up to ten years in prison for attempted computer intrusion and conspiracy charges if brought to trial in the United States. The indictment is part of efforts in recent years by the Justice Department to “name and humiliate” cyberattackers who fall outside of US jurisdiction.


techcrunch Gt

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.