U.S. authorities said Moises Luis Zagala Gonzalez, a 55-year-old cardiologist of French and Venezuelan citizenship living in Venezuela, created and rented out the notorious Jigsaw and Thanos ransomware to other hackers.
Let me also remind you that we reported that the US State Department announced a $10 million reward for information on Sandworm hackers.
According to the US Department of Justice, Zagala, who used the aliases Nosophoros, Aesculapius and Nebuchadnezzar online, not only rented out his malware, but also offered support and training to cybercriminals, and then shared profits with them: ransoms received from victims around the world.
It should be noted that the Jigsaw ransomware has not been active since the fall of 2021, and even at that time its activity was very low. In addition, a free decryptor is available for it, created by Emsisoft experts.
Thanos, in turn, operated under the Ransomware-as-a-Service (RaaS) model and was advertised on Russian-language hacker forums. The malware allowed Zagala’s partners to create their own ransomware using a special builder.
Thanos Builder
Bleeping Computer notes that Nosophoros not only operated an affiliate program in which cybercriminals shared profits from ransomware attacks with him, but also licensed Thanos using a license server hosted in North Carolina.
According to ID-Ransomware, Thanos activity almost ceased in February 2022, and the malware builder was leaked to VirusTotal in June 2021.
Journalists also note that some samples of Thanos were previously marked as Prometheus, Haron and Hakbit malware. This was due to the various extensions used by the associates of the Venezuelan doctor. However, researchers from Recorded Future have long noticed that this is the same malware.
US authorities report that in May 2022, law enforcement agents were able to definitively link Zagala to the Thanos attacks when they interviewed one of his relatives, who received part of the illegal extortion proceeds using a PayPal account.
The man also gave investigators contact information stored on his phone, which Nosophoros used to register part of the infrastructure for Thanos.
If convicted, Zagala faces up to five years in prison for attempted computer network intrusion and five years in prison for conspiracy to intrude on computer networks.