A heart doctor in Venezuela has been alleged to be the creator of the Thanos and Jigsaw v.2 ransomware strains. The charges come from the United States and believe that Moises Luis Zagala Gonzalez, a cardiologist by day, could be living a double life as a ransomware developer.

The Justice Department is Going After a 55 Year Old Heart Doctor

The Justice Department has just unsealed a criminal complaint made against the 55-year-old heart doctor. The documents claim that Gonzalez, a cardiologist in Venezuela, is actually the author of two popular ransomware strains.

According to the story by PCMag, federal investigators said that Zagala sold and even rented out the "ransomware tools to cybercriminals starting in 2019" and even taught lessons to scammers regarding how to use the programs.

Zagala Gave Customer Care to Buyers and Renters of the Ransomware

The complaint states that Zagala even provided customer care with his software showing his clients how to use it properly. The Jigsaw 2.0, as per the FBI, was created by Zagala as an updated version of the previous ransomware software.

The original Jigsaw 2.0 was reportedly created by other actors. Zagala was also said to have created the Thanos ransomware-creation tool.

Thanos Hid Malicious Code Making Detection Extremely Difficult

The Thanos tool allowed scammers to customize different ransomnotes along with the selection of which files would be encrypted or not. The tool also provided ways to help hide malicious code from the detection of antivirus software.

Zagala rented out Thanos to the scammers and even created an affiliate program around the ransomware tool. This allowed cybercriminals to use the tool and as for payment, Zagala would be entitled to a share of the profits.

Zagala Boasted Thanos Used in Attack of Israeli Companies

Thanos was allegedly advertised by Zagala on different cybercriminal forums and bragged that it was undetectable by antivirus programs. It said that once the encryption is done, the ransomware would then proceed to make detection and recovery almost impossible by simply deleting itself, as per the DOJ.

Zagala even boasted about how the ransomware was so effective that it was used to attack Israeli companies, as detailed in the Times of Israel, by a state-sponsored hacking group. The reason why the FBI was able to identify Zagala is because of their investigations of the payments made by the cybercriminals who used the Thanos tool.

Read Also: CISA Must-Patch List Removes Windows Flaw as Microsoft's Fix Causes Authentication Issues

FBI Allegedly Linked a Paypal and Crypto Account to Zagala

The FBI was able to find a PayPal and crypto account allegedly registered to Zagala. They were also able to recover a Venezuelan driver's license, Gmail, and residence address.

Although the cardiologist's whereabouts remain unclear, the FBI has already made a request to get an arrest warrant for him. As per the complaint, Zagala has reportedly made trips to the United States in the past and could face "five years' imprisonment for computer intrusion" and "five years' imprisonment for conspiracy to commit computer intrusions."

Related Article: 'Roblox' Trojan Virus Now Infecting PCs! Even Business Computers are At Risk

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion