The US wants to arrest a heart doctor in Venezuela for allegedly moonlighting as a ransomware developer.
On Monday, the Justice Department unsealed a criminal complaint against 55-year-old Moises Luis Zagala Gonzalez that claims he’s the author behind two ransomware strains called Jigsaw v.2 and Thanos. According to federal investigators, Zagala not only sold and rented out the ransomware tools to cybercriminals starting in 2019, but also taught them how to use the programs.
“Zagala provides extensive customer service along with his software, counseling his customers about how most effectively to use his software against their victims,” the criminal complaint reads.
The FBI claims Zagala created a 2.0 version of the Jigsaw ransomware that was designed to update the older ransomware program, which had been created by others. He also developed a ransomware creation tool dubbed Thanos after the Marvel supervillain.
The features of Thanos include customizing the ransom note, selecting which files the ransomware should encrypt and various options to help mask the malicious code from antivirus detection.
Zagala sold Thanos by renting out the tool through a licensing model. He also created an affiliate program around Thanos, which involved letting a cybercriminal use the tool in exchange for a share of profits from each successful ransomware attack.
Zagala advertised Thanos in various online forums used by cybercriminals. “In public advertisements for the program, Zagala bragged that ransomware made using Thanos was nearly undetectable by antivirus programs, and that ‘once encryption is done,’ the ransomware would ‘delete itself,’ making detection and recovery ‘almost
Read more on pcmag.com