Cardiologist Faces US Federal Charges for Hacking, Ransomware
Member
posted
A cardiologist and alleged hacker and ransomware developer has been named in a criminal complaint filed in federal court in Brooklyn, New York.

According to a statement from the US Department of Justice (DOJ), 55-year-old Moises Luis Zagala Gonzalez, MD, is charged with creating and distributing ransomware with a "doomsday" clock and sharing in profits from ransomware attacks.

Zagala, also known as "Nosophoros," "Aesculapius," and "Nebuchadnezzar," is a citizen of France and Venezuela who currently lives in Ciudad Bolivar, Venezuela.

Breon Peace, US attorney for the Eastern District of New York, and Michael J. Driscoll, assistant director in charge of the FBI's New York Field Office, announced the charges.

"As alleged, the multitasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran," Peace said in the news release from DOJ.

"We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use. Our actions today will prevent Zagala from further victimizing users," Driscoll said. "However, many other malicious criminals are searching for businesses and organizations that haven't taken steps to protect their systems — which is an incredibly vital step in stopping the next ransomware attack."

Ransomware tools are malicious software that cybercriminals use to extort money from companies, nonprofits, and other institutions by encrypting their files and then demanding a ransom for the decryption keys.

One of Zagala's early ransomware tools, called "Jigsaw v. 2," had what Zagala described as a doomsday counter that kept track of how many times the user tried to remove the ransomware. "If the user kills the ransomware too many times, then it's clear he won't pay so better erase the whole hard drive," Zagala wrote.

According to the DOJ, beginning in late 2019, Zagala began advertising a new tool as a "private ransomware builder," which he called Thanos. The name appears to be in reference to a fictional villain responsible for destroying half of all life in the universe and to "Thanatos" from Greek mythology, who is associated with death.

Zagala's Thanos software allows users to create their own unique ransomware software for personal use or to rent to other cybercriminals.

Zagala allegedly not only sold or rented out his ransomware tools to cybercriminals, but he also taught users how to deploy the tools, steal passwords from victim computers, and set up a Bitcoin address for ransom payments.

Zagala's customers were happy with his products, the DOJ release notes. In a message posted in July 2020, one user said the ransomware was "very powerful" and claimed that he had used it to infect a network of roughly 3000 computers.

In December 2020, another user wrote a post in Russian: "We have been working with this product for over a month now, we have a good profit! Best support I've met."

Earlier this month, law enforcement agents interviewed a relative of Zagala who lives in Florida and whose PayPal account was used by Zagala to receive illicit proceeds.

According to the DOJ, the relative confirmed that Zagala lives in Venezuela and had taught himself computer programming. The relative also showed agents contact information for Zagala that matched the registered email for malicious infrastructure associated with the Thanos ransomware.

Zagala, who remains in Venezuela, faces up to 10 years in prison for attempted computer intrusions and conspiracy charges if brought to justice in the United States.

Medscape was unable to reach Zagala for comment.

https://www.medscape.com/viewarticle/974229
 
Posts: 17644 | Location: Stuck at home | Registered: January 02, 2015
Shaman
ScreamingCockatoo
posted
Ransomware is very complex. He didn't just program this all on his own.
He obtained code on the dark web or someone supplied it to him to assemble.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39920 | Location: Atop the cockatoo tree | Registered: July 27, 2002
Invest Early, Invest Often
TomV
posted
Tough times when you can't make ends meet as a Cardiologist in Venezuela.
 
Posts: 1383 | Location: Escaped California...Now In Sunny, Southern Utah | Registered: February 15, 2003
Member
jbcummings
posted
quote:
Our actions today will prevent Zagala from further victimizing users," Driscoll said


How? This guy lives in Venezuela and nothing was said about him being in custody. Seems unlikely the government down there might cooperate. So how does naming him stop him? DOJ patting themselves on the back?


———-
Do not meddle in the affairs of wizards, for thou art crunchy and taste good with catsup.
 
Posts: 4306 | Location: DFW | Registered: May 21, 2012
Member
posted
I'm sure the Venezuelan gov't will be doing back flips to assist the US feds. Roll Eyes
 
Posts: 2541 | Location: WI | Registered: December 29, 2012
Member
posted
Send in a team, locate him and shoot the son of a bitch. Way cheaper than trying to extradite, try and house him.


End of Earth: 2 Miles
Upper Peninsula: 4 Miles
 
Posts: 16476 | Location: Marquette MI | Registered: July 08, 2014
Member
posted
But. But. That's not how a Liberal Political Operations works, Yooper. You have to have an investigation, a Trial. Then appeals. Then further appeals. And then review the evidence to see if anything was real in it.
That's now how things are done in a Democratic Society.


Remember the 1st rule. It's always loaded.
 
Posts: 108 | Location: Richmond, Virginia | Registered: November 30, 2015
Web Clavin Extraordinaire
Oat_Action_Man
posted
Just as a side note, which I found quaintly ironic:

The screen names he was using for himself mean "Plaguebearer" (nosophoros) in Greek while Aesculapius was the physician god. Both possible ways of referring to Apollo who was paradoxically both a bringer and curer of disease.

Pointedly suitable for a doctor who also creates computer viruses.


----------------------------

Chuck Norris put the laughter in "manslaughter"

Educating the youth of America, one declension at a time.
 
Posts: 19837 | Location: SE PA | Registered: January 12, 2001