Heart Doctor allegedly holds a secret identity as a ransomware developer

A cardiologist in Venezuela is believed to be the creator of the Thanos and Jigsaw v.2 ransomware strains. The accusations come from the United States and believe Moises Luis Zagala Gonzalez, a day cardiologist, may be living a double life as a ransomware developer.

Justice Department takes aim at 55-year-old cardiologist

The Ministry of Justice has just unsealed a criminal complaint filed against the 55-year-old cardiologist. The documents claim that Gonzalez, a cardiologist in Venezuela, is actually the author of two popular ransomware strains.

According to the PCMag story, federal investigators said Zagala sold and even rented the “ransomware tools to cybercriminals beginning in 2019” and even taught crooks lessons on how to use the programs.

Zagala provided customer service to buyers and renters of the ransomware

The complaint states that Zagala even provided customer service with its software showing its customers how to use it properly. Jigsaw 2.0, according to the FBI, was created by Zagala as an updated version of the previous ransomware.

The original Jigsaw 2.0 would have been created by other actors. Zagala also allegedly created the Thanos ransomware creation tool.

Thanos hid malicious code making detection extremely difficult

The Thanos tool allowed the crooks to customize different ransom notes along with the selection of which files would be encrypted or not. The tool also provided ways to help hide malicious code from antivirus software detection.

Zagala praised Thanos to scammers and even created an affiliate program around the ransomware tool. This allowed cybercriminals to use the tool and as payment, Zagala would be entitled to a share of the profits.

Zagala bragged about using Thanos in attacking Israeli businesses

Thanos was reportedly advertised by Zagala on different cybercriminal forums and bragged that he was undetectable by antivirus programs. He said that once the encryption is done, the ransomware will then make detection and recovery almost impossible by simply deleting itself, according to the DOJ.

Zagala even bragged about how the ransomware was so effective that it was used to attack Israeli businesses, as detailed in The Times of Israel, by a state-sponsored hacking group. The reason the FBI was able to identify Zagala was due to its investigations into payments made by cybercriminals who used the Thanos tool.

Read also : CISA Mandatory Patch List Removes Windows Flaw Because Microsoft Patch Causes Authentication Issues

FBI Reportedly Linked Paypal and Crypto Account to Zagala

The FBI was able to find a PayPal and crypto account allegedly registered on Zagala. They were also able to retrieve a Venezuelan driver’s license, Gmail and a residence address.

Although the whereabouts of the cardiologist remain unclear, the FBI has already applied for an arrest warrant for him. According to the complaint, Zagala had made trips to the United States in the past and could face “five years’ imprisonment for computer intrusion” and “five years’ imprisonment for conspiracy to commit computer intrusions”.

Related article: The ‘Roblox’ Trojan now infects PCs! Even business computers are at risk

This article belongs to Tech Times

Written by Urian B.

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.

Comments are closed.