US Charges Venezuelan Cardiologist with Developing and Selling Ransomware

Colin Thierry

US prosecutors charged a Venezuelan cardiologist with developing and selling ransomware that was used by Iranian state-sponsored hacking groups. Moises Luis Zagala Gonzalez, 55, a self-taught computer programmer, created a ransomware builder called “Thanos” and a ransomware tool called “Jigsaw v.2.”

Zagala advertised his products on dark web forums and markets and sold them to cybercriminals for up to $800 a month. According to a complaint filed on Monday in the US District Court, he sold and rented his ransomware and trained cybercriminals on setting up their own ransomware gangs and effectively using his product.

Thanos, Zagala’s ransomware builder, was a sophisticated tool that could detect and evade antivirus software. It could also detect when it was being run in a virtual machine, and it had a self-destruction module to erase all evidence of its existence. Jigsaw v.2, the ransomware tool, included a “Doomsday” counter feature that would wipe a victim’s hard drive clean after repeated attempts to remove the ransomware from their device.

US authorities managed to capture Zagala by tracking his brother’s PayPal account that he was using to launder some of the money he earned from his illegal operation.

The culprit’s email address also included his real name, and the ransomware he developed contacted a licensing server located in North Carolina, which made him very easy for US investigators to find. Zagala also messaged his clients over open Jabber clients, which made it even easier for investigators to locate him. Zagala is currently facing up to five years in prison on each charge.

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.