Venezuelan cardiologist accused of operating and selling Thanos ransomware

The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware.

The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling the Thanos ransomware.

Thanos ransomware (a.k.a. Hakbit ransomware) has been developed by Nosophoros (aka Aesculapius, and Nebuchadnezzar), a threat actor offering for sale the malware on several Dark Web communities. He has also advertised Jigsaw ransomware and collaborated with multiple actors selling compromised RDP and VPN access to various networks including drumrlu as confirmed by Resecurity and KELA.

The DoJ believes that Gonzalez is Nosophoros, the man was charged with charged for use and sale of ransomware, and profit sharing arrangements with cybercriminals.

“A criminal complaint was unsealed today in federal court in Brooklyn, New York, charging Moises Luis Zagala Gonzalez (Zagala), also known as “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and Venezuela who resides in Venezuela, with attempted computer intrusions and conspiracy to commit computer intrusions.” reads the press release published by DoJ. “The charges stem from Zagala’s use and sale of ransomware, as well as his extensive support of, and profit sharing arrangements with, the cybercriminals who used his ransomware programs.”

Zagala designed multiple ransomware and sold or rented them in the cybercrime ecosystem. 

One of the ransomware developed by Zagala is “Jigsaw v. 2,” includes a “Doomsday” counter used to count the victim’s attempts to eradicate the ransomware.  Zagala explained that “If the user kills the ransomware too many times, then its clear he won’t pay so better erase the whole hard drive.”

Zagala allowed customers to pay for a “license” to use the malware for a certain period of time or to join to an “affiliate program” in exchange for a share of the profits from Ransomware attacks. Zagala was accepting payment both in fiat currency and cryptocurrency.

If convicted, the man faces up to five years’ imprisonment for attempted computer intrusion, and five years’ imprisonment for conspiracy to commit computer intrusions. 

“We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use. Our actions today will prevent Zagala from further victimizing users. However, many other malicious criminals are searching for businesses and organizations that haven’t taken steps to protect their systems – which is an incredibly vital step in stopping the next ransomware attack,” stated Assistant Director-in-Charge Driscoll.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Thanos ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]