Cardiologist allegedly created and sold ransomware tools to hackers
The United States Department of Justice (DOJ) has accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist in Venezuela, of creating and selling ransomware tools used to extort victims. He was officially charged with attempted computer intrusions and conspiracy to commit computer intrusions. The criminal complaint was unsealed on May 16 in a federal court in Brooklyn, New York.
Zagala — who went by the nicknames “Aesculapius,” “Nosophoros” and “Nebuchadnezzar” — also allegedly trained cybercriminals how to use the ransomware and made agreements to receive a share of any profits.
One of the ransomware tools Zagala allegedly designed, known as “Thanos,” allowed his customers to design their own ransomware software, which they could then use themselves or rent out to other cybercriminals. An Iranian state-sponsored hacking group used Thanos to attack various Israeli companies, according to the DOJ.
“We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use,” Michael J. Driscoll, assistant director-in-charge of the FBI’s New York Field Office, said in an official statement. “Our actions today will prevent Zagala from further victimizing users. However, many other malicious criminals are searching for businesses and organizations that haven't taken steps to protect their systems — which is an incredibly vital step in stopping the next ransomware attack.”
“Combating ransomware is a top priority of the DOJ and of this office,” added Breon Peace, U.S. attorney for the Eastern District of New York. “If you profit from ransomware, we will find you and disrupt your malicious operations.”
The FBI communicated with Zagala through a confidential human source in May 2020. In October of that same year, that source received a “short tutorial” from Zagala about how to establish a crew of hackers to use the ransomware. The cardiologist also allegedly discussed his process with this FBI source, noting that “almost all” big networks he attacks end up paying the ransom.
Zagala faces up to five years in prison for the attempted computer intrusion charges and up to five years in prison for the conspiracy to commit computer intrusions charges.