This Monday, the United States Department of Justice brought several charges against a Venezuelan cardiologist, accusing him of being the author of Thanos ransomware, which has been wreaking havoc around the world since its first appearance. What no one expected is that a renowned doctor from Venezuela was the mastermind behind all these illegal acts. Learn all the details in the following article.
Dr. Zagala created, marketed, and built a community around Thanos Ransomware
Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is accused of designing, building, and marketing ransomware to other cybercriminals. The ransomware facilitated access to systems, and the hackers who used it then shared their profits with him in bitcoin. If found guilty, he would face 10 years in prison on the following charges: attempted computer intrusion and conspiracy to commit computer intrusions.
“The multi-tasking doctor treated patients, created and named his cyber tool after death (Thanatos), profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran,” U.S. attorney Breon Peace said.
To put it simply, Thanos is a private ransomware builder that allows other cybercriminals to create their own ransomware. By doing so, they become affiliates of the system, which creates an entire ecosystem in which each party makes its own profits. Recorded Future conducted an analysis in June 2020, showing that Thanos has 43 configuration options and was the first ransomware to bypass the security measures established in Windows 10.
Zagala was found through his darknet marketing, where he offered the RaaS (ransomware-as-a-service) for $500 with its basic options and for $800 with all of its options. He was ultimately discovered thanks to an FBI informant who managed to infiltrate this ecosystem.
“On or about May 1, 2020, a confidential human source of the FBI (CHS-1) discussed joining Zagala’s ‘affiliate program,’” the DoJ said. “Zagala responded: ‘Not for now. Don’t have spots,’” before proceeding to license the software to CHS-1 and helping the informant with tutorials on how to use the software and set up an affiliate crew.
So far, it is known that Zagala continues to reside in Venezuela; he was tracked through the PayPal account of a relative who resides in Miami. This individual confirmed the doctor's residence and said that Zagala taught himself everything he knows about programming, without neglecting his responsibilities as a doctor.