{"id":4640,"date":"2022-05-17T22:45:45","date_gmt":"2022-05-17T17:15:45","guid":{"rendered":"https:\/\/qadit.com\/blog\/?p=4640"},"modified":"2022-05-17T22:45:45","modified_gmt":"2022-05-17T17:15:45","slug":"medical-doctor-charged-with-creating-the-thanos-ransomware-builder","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/medical-doctor-charged-with-creating-the-thanos-ransomware-builder\/","title":{"rendered":"Medical doctor charged with creating the Thanos ransomware builder"},"content":{"rendered":"<p><a href=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/2022\/05\/image.png\" rel=\"attachment wp-att-4641\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/2022\/05\/image.png\" alt=\"\" title=\"image-png\" width=\"300\" height=\"300\" class=\"alignnone size-medium wp-image-4641\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/2022\/05\/image-150x150.png 150w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/2022\/05\/image-100x100.png 100w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a>Venezuelan cardiologist allegedly tied to cybercrime scams through multiple OpSec mistakes<\/p>\n<p>A cardiologist turned alleged malware developer has been charged with creating the Thanos <a href=\"https:\/\/portswigger.net\/daily-swig\/ransomware\">ransomware<\/a> builder.<\/p>\n<p>Moises Luis Zagala Gonzalez, 55, a citizen of France and Venezuela who resides in Ciudad Bolivar, Venezuela, engaged in attempted computer intrusions and conspiracy to commit computer intrusions, according to a <a href=\"https:\/\/www.justice.gov\/usao-edny\/pr\/hacker-and-ransomware-designer-charged-use-and-sale-ransomware-and-profit-sharing\">US criminal complaint<\/a> that was unsealed on Monday (May 16).<\/p>\n<p>Zagala is alleged to have both sold and leased ransomware packages he developed to <a href=\"https:\/\/portswigger.net\/daily-swig\/cybercrime\">cybercriminals<\/a>.<\/p>\n<p>He is also accused of 
training would-be attackers on how to use his wares to extort victims, and subsequently boasted about successful attacks, according to US prosecutors.<\/p>\n<h3>RaaS platform<\/h3>\n<p>The self-taught part-time programmer allegedly designed several ransomware tools, malicious packages designed to encrypt files on compromised systems before demanding extortionate payments in exchange for a decryption key.<\/p>\n<p>Zagala developed a ransomware tool called \u2018Jigsaw v.2\u2019 before designing a more sophisticated private ransomware builder called Thanos, a reference to either the Marvel supervillain or the figure \u2018Thanatos\u2019 from Greek mythology, according to the DoJ.<\/p>\n<p>The Thanos platform could be used to develop ransomware campaigns with custom ransom notes, features designed to frustrate security researchers and a \u201cdata stealer\u201d facility that could be used to extract files from compromised systems.<\/p>\n<p>Zagala allegedly profited from the ransomware-as-a-service (RaaS) operation by licensing his software to other cybercriminals, obtaining payments in either <a href=\"https:\/\/portswigger.net\/daily-swig\/cryptocurrency\">cryptocurrency<\/a> or fiat currencies.<\/p>\n<p>The ransomware products and services allegedly offered by Zagala were advertised and marketed through online forums frequented by cybercriminals.<\/p>\n<h3>OpSec mistakes<\/h3>\n<p>A number of <a href=\"https:\/\/portswigger.net\/daily-swig\/opsec\">OpSec<\/a> mistakes allowed investigators to identify Zagala as a suspect, the DoJ said.<\/p>\n<p>In September 2020, an undercover FBI agent allegedly purchased a license for Thanos from Zagala and downloaded the software. 
In addition, an FBI informant spoke with Zagala about the possibility of establishing an affiliate program using Thanos, according to the DoJ filing.<\/p>\n<p>Zagala is also said to have publicly boasted about an <a href=\"https:\/\/portswigger.net\/daily-swig\/iran\">Iranian<\/a> state-sponsored hacking group\u2019s use of Thanos to attack Israeli companies.<\/p>\n<p>The Thanos software was designed to make periodic contact with a server in Charlotte, North Carolina, to check on licences. This system was apparently linked back to Zagala.<\/p>\n<p>Moreover, a Florida-based relative of Zagala was interviewed by law enforcement on May 3, 2022, and admitted that their PayPal account was used by Zagala to receive illicit funds.<\/p>\n<p>According to the DoJ, the relative used an email address to contact Zagala that matched the registered email for malicious infrastructure associated with the Thanos <a href=\"https:\/\/portswigger.net\/daily-swig\/malware\">malware<\/a>.<\/p>\n<p>Prosecutors do not state how much Zagala made from his alleged malfeasance, but if convicted the suspect faces up to five years\u2019 imprisonment for attempted computer intrusion, and five years\u2019 imprisonment for conspiracy to commit computer intrusions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Venezuelan cardiologist allegedly tied to cybercrime scams through multiple OpSec mistakes A cardiologist turned alleged malware developer has been charged with creating the Thanos ransomware builder. 
Moises Luis Zagala Gonzalez, 55, a citizen of France and Venezuela who resides in Ciudad Bolivar, Venezuela, engaged in attempted computer intrusions and conspiracy to commit computer intrusions, according &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/medical-doctor-charged-with-creating-the-thanos-ransomware-builder\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Medical doctor charged with creating the Thanos ransomware builder&#8221;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-4640","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-1cQ","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4640"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\
/wp\/v2\/posts\/4640\/revisions"}],"predecessor-version":[{"id":4642,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4640\/revisions\/4642"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}