NEW YORK – A French-Venezuelan cardiologist was accused yesterday by the United States of selling ransomware to cybercriminals and instructing them on how to extort money from the victims they hacked.
The Brooklyn district attorney’s office said Moises Luis Zagala, 55, who lives in the Venezuelan city of Ciudad Bolivar, “not only created and sold ransomware products to hackers, but also trained them in their use”.
It said the French-Venezuelan doctor “sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran”.
The ransomware would encrypt information on the computers that had been hacked, then the attackers would demand money to decrypt it.
One of the first products developed by Zagala was a data hijacking programme called “Jigsaw v. 2”, which had a “doomsday” counter that kept track of the times the user had tried to destroy it.
“If the user kills the ransomware too many times, then it’s clear he won’t pay so better erase the whole hard drive,” Zagala instructed his clients, according to the US authorities.
In early 2019, Zagala began advertising his new tool on the web, a “Private Ransomware Builder” which he named “Thanos” after the Marvel Comics villain responsible for destroying half of life in the universe, as well as Thanatos in Greek mythology, associated with death.
The “multi-tasking doctor”, as the Brooklyn DA described him, allowed criminals to either buy the programme – and create their own customised ransom notes – or to join an “affiliate programme” to gain access to the programme in exchange for a share of the ill-gotten gains, which could be paid in cryptocurrency or regular cash.
His preferred aliases were “Aesculapius”, referring to the ancient Greek god of medicine, and “Nosophoros”, which means "sickness" in Greek.
Zagala allegedly boasted in specialised hacker forums that the Thanos programme was practically undetectable by antivirus programmes and that once the encryption was finished the programme would self-delete, making it almost impossible for the victim to be able to detect it and retrieve their documents.
Zagala even asked his clients “if you have time and it’s not too much trouble” to rate their experience online.
If found guilty, he could be sentenced to 10 years in jail. – AFP, May 17, 2022
.jpg)
