SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Cardiologist Faces US Federal Charges for Hacking, Ransomware
Go
New
Find
Notify
Tools
Reply
  
Cardiologist Faces US Federal Charges for Hacking, Ransomware Login/Join 
Member
posted
A cardiologist and alleged hacker and ransomware developer has been named in a criminal complaint filed in federal court in Brooklyn, New York.

According to a statement from the US Department of Justice (DOJ), 55-year-old Moises Luis Zagala Gonzalez, MD, is charged with creating and distributing ransomware with a "doomsday" clock and sharing in profits from ransomware attacks.

Zagala, also known as "Nosophoros," "Aesculapius," and "Nebuchadnezzar," is a citizen of France and Venezuela who currently lives in Ciudad Bolivar, Venezuela.

Breon Peace, US attorney for the Eastern District of New York, and Michael J. Driscoll, assistant director in charge of the FBI's New York Field Office, announced the charges.

"As alleged, the multitasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran," Peace said in the news release from DOJ.

"We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use. Our actions today will prevent Zagala from further victimizing users," Driscoll said. "However, many other malicious criminals are searching for businesses and organizations that haven't taken steps to protect their systems — which is an incredibly vital step in stopping the next ransomware attack."

Ransomware tools are malicious software that cybercriminals use to extort money from companies, nonprofits, and other institutions by encrypting their files and then demanding a ransom for the decryption keys.

One of Zagala's early ransomware tools, called "Jigsaw v. 2," had what Zagala described as a doomsday counter that kept track of how many times the user tried to remove the ransomware. "If the user kills the ransomware too many times, then it's clear he won't pay so better erase the whole hard drive," Zagala wrote.

According to the DOJ, beginning in late 2019, Zagala began advertising a new tool as a "private ransomware builder," which he called Thanos. The name appears to be in reference to a fictional villain responsible for destroying half of all life in the universe and to "Thanatos" from Greek mythology, who is associated with death.

Zagala's Thanos software allows users to create their own unique ransomware software for personal use or to rent to other cybercriminals.

Zagala allegedly not only sold or rented out his ransomware tools to cybercriminals, but he also taught users how to deploy the tools, steal passwords from victim computers, and set up a Bitcoin address for ransom payments.

Zagala's customers were happy with his products, the DOJ release notes. In a message posted in July 2020, one user said the ransomware was "very powerful" and claimed that he had used it to infect a network of roughly 3000 computers.

In December 2020, another user wrote a post in Russian: "We have been working with this product for over a month now, we have a good profit! Best support I've met."

Earlier this month, law enforcement agents interviewed a relative of Zagala who lives in Florida and whose PayPal account was used by Zagala to receive illicit proceeds.

According to the DOJ, the relative confirmed that Zagala lives in Venezuela and had taught himself computer programming. The relative also showed agents contact information for Zagala that matched the registered email for malicious infrastructure associated with the Thanos ransomware.

Zagala, who remains in Venezuela, faces up to 10 years in prison for attempted computer intrusions and conspiracy charges if brought to justice in the United States.

Medscape was unable to reach Zagala for comment

https://www.medscape.com/viewarticle/974229
 
Posts: 17708 | Location: Stuck at home | Registered: January 02, 2015Reply With QuoteReport This Post
Shaman
Picture of ScreamingCockatoo
posted Hide Post
Ransomware is very complex. He didn't just program this all on his own.
He obtained code on the dark web or someone supplied it to him to assemble.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39950 | Location: Atop the cockatoo tree | Registered: July 27, 2002Reply With QuoteReport This Post
Invest Early, Invest Often
Picture of TomV
posted Hide Post
Tough times when you can't make ends meet as a Cardiologist in Venezuela.
 
Posts: 1385 | Location: Escaped California...Now In Sunny, Southern Utah | Registered: February 15, 2003Reply With QuoteReport This Post
Member
Picture of jbcummings
posted Hide Post
quote:
Our actions today will prevent Zagala from further victimizing users," Driscoll said


How? This guy lives in Venezuela and nothing was said about him being in custody. Seems unlikely the government down there might cooperate. So how does naming him stop him? DOJ patting themselves on the back?


———-
Do not meddle in the affairs of wizards, for thou art crunchy and taste good with catsup.
 
Posts: 4306 | Location: DFW | Registered: May 21, 2012Reply With QuoteReport This Post
Member
posted Hide Post
I'm sure the Venezuelan gov't will be doing back flips to assist the US feds. Roll Eyes
 
Posts: 2560 | Location: WI | Registered: December 29, 2012Reply With QuoteReport This Post
Member
posted Hide Post
Send in a team, locate him and shoot the son of a bitch. Way cheaper than trying to extradite, try and house him.


End of Earth: 2 Miles
Upper Peninsula: 4 Miles
 
Posts: 16572 | Location: Marquette MI | Registered: July 08, 2014Reply With QuoteReport This Post
Member
posted Hide Post
But. But. That's not how a Liberal Political Operations works, Yooper. You have to have a investigation, a Trial. Then appeals. Then further appeals. And then review the evidence to see if any thing was real in it.
That's now how things are done in a Democratic Society.


Remember the 1st rule. It's always loaded.
 
Posts: 108 | Location: Richmond, Virginia | Registered: November 30, 2015Reply With QuoteReport This Post
Web Clavin Extraordinaire
Picture of Oat_Action_Man
posted Hide Post
Just as side note, which I found quaintly ironic:

The screen names he was using for himself mean "Plaguebearer" (nosophoros) in Greek while Aesculapius was the physician god. Both possible ways of referring to Apollo who was paradoxically both a bringer and curer of disease.

Pointedly suitable for a doctor who also create computer viruses.


----------------------------

Chuck Norris put the laughter in "manslaughter"

Educating the youth of America, one declension at a time.
 
Posts: 19837 | Location: SE PA | Registered: January 12, 2001Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Cardiologist Faces US Federal Charges for Hacking, Ransomware

© SIGforum 2024