
US accuses Venezuela doctor of selling ransomware to cybercriminals

Ransomware allegedly sold by a Venezuelan-French doctor would encrypt information on the computers that had been hacked, then the attackers would demand money to decrypt it./AFP

May 17, 2022 - 03:30 AM

NEW YORK — A French-Venezuelan cardiologist was accused Monday by the US of selling ransomware to cybercriminals and instructing them on how to extort money from the victims they hacked.

The Brooklyn district attorney’s office said Moises Luis Zagala, 55, who lives in the Venezuelan city of Ciudad Bolivar, “not only created and sold ransomware products to hackers, but also trained them in their use.”

It said the French-Venezuelan doctor “sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran.”

The ransomware would encrypt information on the computers that had been hacked, then the attackers would demand money to decrypt it.

One of the first products developed by Zagala was a data hijacking program called “Jigsaw v. 2”, which had a “doomsday” counter that kept track of the times the user had tried to destroy it.

“If the user kills the ransomware too many times, then it’s clear he won’t pay so better erase the whole hard drive,” Zagala instructed his clients, according to the US authorities.

In early 2019, Zagala began advertising his new tool on the web, a “Private Ransomware Builder” which he named “Thanos” after the Marvel Comics villain responsible for destroying half of all life in the universe, as well as Thanatos in Greek mythology, associated with death.

The “multi-tasking doctor,” as the Brooklyn DA described him, allowed criminals to either buy the program — and create their own customized ransom notes — or to join an “affiliate program” to gain access to the program in exchange for a share of the ill-gotten gains, which could be paid in cryptocurrency or regular cash.

His preferred aliases were “Aesculapius,” referring to the ancient Greek god of medicine, and “Nosophoros,” which means “sickness” in Greek.

Zagala allegedly boasted in specialized hacker forums that the Thanos program was practically undetectable by antivirus programs and that once the encryption was finished the program would self-delete, making it almost impossible for the victim to detect it and retrieve their documents.

Zagala even asked his clients “if you have time and it’s not too much trouble” to rate their experience online.

If found guilty, he could be sentenced to 10 years in jail.
