Venezuelan Cardiologist
Notorious Ransomware Maker

The U.S. Names and Shames a Venezuelan Cardiologist as a Notorious Ransomware Maker

Key Points:

• The FBI has named a Venezuelan heart doctor the alleged mastermind of the notorious Thanos and Jigsaw version ransomware.
• The Justice Department says that the 55-years old cardiologist developed and distributed Jigsaw and Thanos software that allowed attackers to deploy their ransomware variant.
• Luis Gonzalez allegedly rented out and sold ransomware tools to attackers starting in 2019, teaching the attackers how to use the tools.
• What makes him unique is that he provides extensive technical support for people buying his software in case they face problems deploying attacks against victims.

The U.S. Department of Justice says that Moises Luis Zagala Gonzalez — a 55-year-old Venezuelan cardiologist — is the alleged creator of Jigsaw v.2 and Thanos ransomware strain.

According to a U.S. criminal complaint unsealed on May 16th, 2022, Gonzalez allegedly engaged in attempted computer intrusion and conspiracy to commit computer intrusion.

Hear From Our
Happy Clients

Read Our Reviews

Selling Ransomware as a Service (RaaS) Platform

The self-taught developer allegedly designed two ransomware packages to encrypt files on victims’ systems before demanding ransom in exchange for a decryption key. The cardiologist built ransomware tools such as:

• Jigsaw Version 2
• Thanos — a more sophisticated ransomware builder named after Marvel super villain

Criminals could use the Thanos platform to develop ransomware with custom ransom features that would frustrate security researchers and a “data stealer center” that they’d use to steal files from compromised systems.

The cardiologist allegedly profited from running the RaaS operation by selling his software to other cybercriminals and obtaining payments in bitcoin.

An Extreme Approach to Ransomware Attack

Apart from developing the ransomware, Gonzalez went ahead to advertise and sell it on cybercriminals’ internet forums. The cardiologist would then sell his ransomware tool to criminals targeting businesses.

Surprisingly, he allegedly offered excellent technical support for customers who had difficulty deploying attacks. If an attacker found Zagala’s platform not working correctly, they would send an email to Dr. Gonzalez for help to deploy the attack.

The Damage The Two Ransomware Strain Caused

Zagala, also known as Jay Tee, pleaded guilty to conspiracy to commit wire fraud in August 2019. The FBI says that the cardiologist began developing ransomware in 2016.

In 2017, he and his conspirators launched the Jigsaw ransomware, which encrypts a victim file and asks for a ransom to be paid in bitcoin to decrypt the files.

The FBI further insisted that Zagala then created a 2.0 version of Jigsaw ransomware designed to update the older ransomware program. He then developed a ransomware-creation tool called Thanos.

According to the plea agreement, the Jigsaw v.2 ransomware has encrypted over 500,000 files, while the Thanos strain targeted healthcare facilities globally. Zagala admitted that he and his conspirators caused more than $5 million in losses to victims globally.

If Gonzalez is extradited to the U.S. to face charges, law enforcement will have a major victory in the fight against cybercrime.

Your Business Needs to Have Several Security Layers

Such incidences emphasize how aggressive cybercriminals are. The Thanos variant allows ransomware authors to inject malicious software into Windows genuine processes, which are usually whitelisted.

Such a variant can encrypt files by bypassing security solutions.

You need several security layers to protect your business from several techniques used by advanced ransomware. You never know where and when the threat is going to come from. You need to prepare and be ready to bounce back if successfully hit by ransomware.

Colorado Computer Support Will Help Your Business Protect Itself From Cyberattacks

Colorado Computer Support can constantly watch your system to protect your business and customers. With the changing and evolving cybersecurity threats, hackers continuously look for vulnerabilities to exploit.

We can help you have a multi-layered system to take a preventive approach. Contact us today for help in protecting your business against cybersecurity threats.