US prosecutors allege Venezuelan doctor is ransomware mastermind


US prosecutors have accused 55-year-old Venezuelan cardiologist Moises Luis Zagala Gonzalez, also known as Nosophoros, Aesculapius and Nebuchadnezzar, of being the mastermind behind a slew of notorious ransomware.

According to Justice Department officials, Zagala is alleged to have set up a cybercriminal enterprise in which he held an economic and reputational interest in his software being used in successful cyber attacks.

“We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use. Our actions today will prevent Zagala from further victimizing users,” assistant director-in-charge Michael Driscoll said.

“Many other malicious criminals are searching for businesses and organizations that haven’t taken steps to protect their systems — which is an incredibly vital step in stopping the next ransomware attack.” 

Zagala’s associated ransomware products include Jigsaw and the private ransomware builder Thanos.

Jigsaw has been around since 2016, and is known for its dramatic means of pressuring victims to pay up fast, stealing the idea from the 2004 movie Saw, where characters have to solve puzzles within a time limit or face fatal consequences. Meanwhile, Thanos — named presumably after the Marvel supervillain — first appeared in 2019, allowing users to build their own ransomware.

In 2020, while investigating security incidents at several prominent Israeli organisations, security researchers from ClearSky and Profero said they linked the use of the Thanos ransomware to MuddyWater, a known Iranian state-sponsored hacking group.

“Combating ransomware is a top priority of the Department of Justice and of this Office. If you profit from ransomware, we will find you and disrupt your malicious operations,” said US Attorney Breon Peace.

Despite this, if convicted, Zagala only faces up to five years’ imprisonment for attempted computer intrusion, and five years’ imprisonment for conspiracy to commit computer intrusions. 
