18 May 2022

55-year-old Venezuelan doctor accused of being mastermind behind Jigsaw, Thanos ransomware


US authorities have charged a 55-year-old cardiologist from Venezuela for his involvement in the creation and sale of ransomware to hackers.

The US Department of Justice alleges that Moises Luis Zagala Gonzalez (Zagala), also known as “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” not only developed and sold the Jigsaw ransomware and the Thanos ransomware builder to cybercriminals, but also offered support to those who bought his products.

“As alleged, the multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran,” the DoJ said.

The Thanos ransomware builder allowed its users to create their own unique ransomware, which they could then use or rent for use by other cybercriminals. Zagala advertised the Thanos software on various darknet cyber crime forums for $500 a month with “basic options” or $800 with “full options,” while also recruiting affiliates for the RaaS program.

If convicted, Zagala faces up to five years’ imprisonment for attempted computer intrusion, and five years’ imprisonment for conspiracy to commit computer intrusions.
