Ransomware is one of the many computer threats that have existed for a long time, although its use has grown significantly in recent years. Among the many variants in circulation, two have made news in the last few hours, since the United States Department of Justice claims to have identified their creator. They are Thanos and Jigsaw, two malicious tools said to be the work of a 55-year-old Venezuelan doctor named Moisés Luis Zagala González.
According to what the US DoJ published earlier this week, Zagala operated online under different aliases, such as Nosophoros, Aesculapius and Nebuchadnezzar. The subject, a cardiologist based in Ciudad Bolívar, Venezuela, also holds French nationality, and he now faces a criminal complaint filed in federal court in Brooklyn, New York.
He is charged with “attempted computer intrusions and conspiracy to commit computer intrusions.” Each of these charges could carry a sentence of up to five years in prison if he is found guilty of developing, using and selling the ransomware in question, as well as providing support for its use and sharing profits with other cybercriminals.
“We allege that Zagala not only created and sold ransomware products to hackers, but also trained them in their use. Our actions today will prevent Zagala from further victimizing users. However, many other malicious criminals are looking for companies and organizations that haven’t taken steps to protect their systems, which is an incredibly vital step in stopping the next ransomware attack.”
Michael J. Driscoll, Deputy Director in Charge of the FBI New York Office
Ransomware created by a ‘doctor hacker’
The story behind the creator of the Thanos and Jigsaw ransomware has several peculiar edges, to say the least. Apparently, Zagala was not exactly discreet when disclosing information about his illegal activities online. In fact, the Justice Department report indicates that the Venezuelan doctor used to brag about attacks carried out with his tools whenever they made the news. This has revealed apparent links to Iranian government-sponsored hackers, according to US authorities.
Another striking point is that Zagala set up two business models to market his ransomware. On the one hand, he created a kind of “affiliate program” in which he provided his malicious software to a group of hackers who later shared the profits with him; on the other, he licensed the Thanos ransomware to other hackers.
What is striking about the second model is that the FBI discovered that the software periodically communicated with a server in North Carolina, United States, which is how Zagala controlled license activation. As explained by the Federal Bureau of Investigation, an undercover agent acquired a license for the malware during the investigation. The agency subsequently took that server offline.
Sunk by a relative
The other peculiar point is that a relative of the “doctor hacker”, based in Florida, gave valuable personal information to the FBI. He not only confirmed that he had received payments from Zagala’s illicit activities through PayPal, but also provided contact information for the cardiologist. With this, the agents were able to corroborate that the subject used his personal email account to register part of the infrastructure he used to license the Thanos ransomware.
“The multi-tasking doctor treated patients, created his cyber tool and named it after death, profited from a global ransomware ecosystem where he sold the tools to carry out attacks, trained attackers on how to extort money from victims and then bragged about the successful attacks. […] The fight against ransomware is one of the main priorities of the Department of Justice and this Office. If you benefit from ransomware, we will find you and disrupt your malicious operations.”
Breon Peace, United States Attorney for the Eastern District of New York.