DOJ says cardiologist created and distributed ransomware

Self-taught cardiologist and cybercriminal doctor created and distributed ransomware.
According to the US Department of Justice (DOJ), 55-year-old cardiologist Dr. Moises Luis Zagala Gonzalez MD of New York has been accused of creating and distributing ransomware equipped with a “doomsday clock” and of sharing in the profits of the attacks. Zagala also goes by the names “Nosophoros”, “Esculapius” and “Nebuchadnezzar”. He is a French and Venezuelan citizen and currently lives in Ciudad Bolivar, Venezuela.
US authorities alleged that in 2019, the cardiologist began marketing a new online tool he had created, a “Private Ransomware Builder” named “Thanos”. He likely named the ransomware after the fictional character Thanos, who is responsible for destroying half of all life in the universe, as well as “Thanatos” from Greek mythology, who is associated with death. Users of the illicit software can access “recovery information”, which allows them to create a personalized ransom note, distribute it to victims, and create an account to receive Bitcoin payments. They can also use the “data stealer” which allows them to steal certain files from victims once a computer is infected, or an “anti-VM” option to bypass security protocols. The software also allows users to create their own versions for personal use or to rent them to other cyber criminals.
Additionally, Zagala created a ransomware tool called “Jigsaw v. 2”, which included a doomsday counter that kept track of the number of times a victim attempted to remove the ransomware from a PC. “If the user kills the ransomware too many times, clearly they won’t pay, so better wipe the entire hard drive,” Zagala wrote to his clients. The program comes with an auto-remove option to do just that. The name “Jigsaw” may refer to the mastermind behind the sadistic games in the Saw movies.
Breon Peace, U.S. Attorney for the Eastern District of New York, said: “As claimed, the multi-tasking doctor was treating patients, creating and naming his cyber tool after death, profiting from a global ransomware ecosystem in which he was selling the tools driving ransomware attacks, training attackers on how to extort victims, and then boasting of successful attacks, including by malicious actors associated with the Iranian government.”
Michael J. Driscoll, Deputy Director in Charge of the Federal Bureau of Investigation (FBI) New York Field Office, added: “We allege that Zagala not only created and sold ransomware to hackers, but also trained them to use it. Our actions today will prevent Zagala from further victimizing users. However, many other malicious criminals seek out companies and organizations that haven’t taken steps to protect their systems, which is an incredibly vital step in stopping the next ransomware attack.”
In its press release, the DOJ states that Zagala’s customers were satisfied with his products. In a July 2020 post, one user said the ransomware was “very powerful” and claimed he had used it to infect a network of around 3,000 computers. In December 2020, according to the agency, another user wrote: “We have been working with this product for over a month now, we have a good profit! The best support I have encountered.”
After speaking with one of Zagala’s relatives in Florida, federal agents said they believe the doctor taught himself computer programming. Although still in Venezuela, he faces up to ten years behind bars if captured and brought back to the United States.
Sources:
Cardiologist faces US federal charges for hacking and ransomware
Hacker and ransomware designer accused of using and selling ransomware and profit-sharing deals with cybercriminals