On Monday, the U.S. Attorney’s Office for the Eastern District of New York revealed criminal charges against 55 year-old cardiologist Moises Luis Zagala Gonzalez of Cuidad Bolivar, Venezuela accusing him of being the mastermind behind the prolific Thanos malware.
The inditement alleges he “designed multiple ransomware tools—malicious software that cybercriminals use to extort money from companies, nonprofits and other institutions, by encrypting those files and then demanding a ransom for the decryption keys. Zagala sold or rented out his software to hackers who used it to attack computer networks..”
According to a DOJ press release, beginning in late 2019, Gonzalez took to online cybercrime forums to market a new product he’d built. It was a ransomware builder – software that helps other cybercriminals more easily design their own, custom ransomware programs. Gonzalez called it “Thanos.”
Thanos came with a bevy of handy features: a data stealer, a self-delete function, a field for writing custom ransom messages, and an anti-virtual machine tool designed to outsmart the testing environments security researchers might use to analyze such malware.
Cybercriminals could purchase a subscription to this malware or participate in an “affiliate program.” Under that model, customers would receive free access. In exchange, they’d share a portion of their earnings with Gonzalez.
Gonzalez – who went by the handles “Nosophoros,” “Aesculapius” and “Nebuchadnezzar” – is part of a growing list of accused cybercriminals that operate outside the United States and create a challenge to law enforcement.
Investigators “may know who a cybercriminal is but lack the jurisdiction to make an arrest,” said Mollie MacDougall, director of threat intelligence at Cofense, wrote to Threatpost. “Engaging at a diplomatic level to enhance law enforcement cooperation with nations that house these cyber criminals is a critical step. However, not every nation is a willing partner.”