The U.S. Department of Justice says that Moises Luis Zagala Gonzalez, a 55-year-old Venezuelan cardiologist, is the alleged creator of the Jigsaw v.2 and Thanos ransomware strains.
The self-taught developer allegedly designed two ransomware packages to encrypt files on victims’ systems before demanding ransom in exchange for a decryption key. The cardiologist built ransomware tools such as:
Criminals could use the Thanos platform to develop ransomware with custom ransom features that would frustrate security researchers and a “data stealer center” that they’d use to steal files from compromised systems.
The cardiologist allegedly profited from running the RaaS operation by selling his software to other cybercriminals and obtaining payments in bitcoin.
Apart from developing the ransomware, Gonzalez advertised and sold it on cybercriminal internet forums. The cardiologist would then sell his ransomware tool to criminals targeting businesses.
Surprisingly, he allegedly offered excellent technical support for customers who had difficulty deploying attacks. If an attacker found Zagala’s platform not working correctly, they would email Dr. Gonzalez for help deploying the attack.
Zagala, also known as Jay Tee, pleaded guilty to conspiracy to commit wire fraud in August 2019. The FBI says that the cardiologist began developing ransomware in 2016.
In 2017, he and his conspirators launched the Jigsaw ransomware, which encrypts a victim’s files and asks for a ransom to be paid in bitcoin to decrypt them.
The FBI further stated that Zagala then created a 2.0 version of the Jigsaw ransomware, designed to update the older ransomware program. He then developed a ransomware-creation tool called Thanos.
According to the plea agreement, the Jigsaw v.2 ransomware has encrypted over 500,000 files, while the Thanos strain targeted healthcare facilities globally. Zagala admitted that he and his conspirators caused more than $5 million in losses to victims globally.
If Gonzalez is extradited to the U.S. to face charges, law enforcement will have a major victory in the fight against cybercrime.
Such incidents emphasize how aggressive cybercriminals are. The Thanos variant allows ransomware authors to inject malicious software into genuine Windows processes, which are usually whitelisted.
Such a variant can encrypt files by bypassing security solutions.
You need multiple security layers to protect your business from the many techniques used by advanced ransomware. You never know where or when the threat is going to come from. You need to prepare and be ready to bounce back if you are successfully hit by ransomware.
Colorado Computer Support can constantly watch your system to protect your business and customers. As cybersecurity threats change and evolve, hackers continuously look for vulnerabilities to exploit.
We can help you build a multi-layered system and take a preventive approach. Contact us today for help in protecting your business against cybersecurity threats.