Ransomware built in Venezuela used to target institutions across Latin America


By Insight Crime ※ Scott Mistler-Ferguson, May 24, 2022

Earlier this month, Moises Luis Zagala González, from Bolívar City, was charged in the Eastern District Court of New York for attempted computer intrusions and conspiracy to commit intrusions owing to his «use and sale of ransomware, as well as his extensive support of, and profit sharing arrangements with, the cybercriminals who used his ransomware programs.»

Going by aliases ‘Nosophoros,’ ‘Aesculapia’ and more recently ‘Nebuchadnezzar,’ the cardiologist had amassed a long list of criminal clients over the years.

He primarily offered clients access to a tool for creating fully customizable ransomware programs known as ‘Thanos’. Additionally, he leased and operated his own ransomware program known as ‘Jigsaw v. 2’, reportedly charging $500 a month to use the software and $3,000 for the underlying source code.

Zagala’s Thanos program was used as the model for a slew of offshoots that plague international institutions. Prometheus, Haron and Midas are all variants of Zagala’s original program that dabble in this extortive economy. Prometheus, in particular, has a long list of Latin American victims, with a special appetite for institutions in Chile and Brazil.

For several years, undercover agents with the US Federal Bureau of Investigation (FBI) tracked his business as well as the dedicated cybercrime team he himself allegedly led.

According to the FBI, Zagala sold his Thanos ransomware builder to at least 38 clients, including at least one «Iranian state-sponsored hacking group,» in the words of the criminal complaint, and accepted payments via PayPal and cryptocurrencies.
