Charging Dr. Ransomware

by Stephanie Goetz | Aug 12, 2022


Moises Luis Zagala Gonzalez, a 55-year-old Venezuelan cardiologist, has been charged with developing the Jigsaw v.2 and Thanos ransomware strains, which would make him one of the most productive ransomware developers in history. He supposedly became interested in hacking in the late 1990s in a software reverse engineering group, then took on ransomware as a side hustle around 2016, when he supposedly began developing ransomware and training hackers on how to use it.

Gonzalez has not been to trial or extradited to the U.S. to face these charges. He was charged in May, with the charges citing digital accounts in his name, which seems a bit sloppy for a criminal mastermind. A law professor from Utica, NY reviewed the evidence against Gonzalez in the affidavit and said there needs to be a strong link between cyber evidence and his body for it to be conclusive. However, prosecutors may hold more evidence than what is in the current affidavit.

Here are five talking points related to this unusual story:

  1. This is said to be the first U.S. charge against someone for developing and selling ransomware. Needless to say, his age and background make him a highly unusual suspect as a ransomware developer.

  2. Gonzalez is charged with “computer intrusions” in which his ransomware encrypted over 500,000 files in at least four hospitals in the U.S. and Canada.

  3. The second strain of malware in the charge, Thanos, is actually a ransomware creation tool. It is brilliantly simple, with a well-developed user interface that makes it attractive to less technical hackers, and it has several features to help it bypass and block many security tools.

  4. Friends and family say they are surprised by this. Gonzalez comes from a successful family whose members work in dentistry, law, and the national police. His family says these charges cannot be true. Gonzalez’s wife, a kidney doctor, says he is a family man who couldn’t lend himself to these types of attacks.

  5. Gonzalez works at a private clinic in Venezuela. Venezuela has been in an economic crisis since 2010, which has been very hard on all sectors, and doctors are no exception. Demonstrators have been protesting food and water shortages as a result of government mismanagement and falling oil prices. It is said that doctors are making about $12/month, which could motivate someone to take on a lucrative moonlighting gig.

Sources:

https://www.malwarebytes.com/blog/news/2022/05/cardiologist-moonlighted-as-successful-ransomware-developer#:~:text=Moises%20Luis%20Zagala%2C%20cardiologist%20by,conspiracy%20to%20commit%20computer%20intrusions%22 

https://www.itnsgroup.com/cardiologist-turns-hacker/ 

Bank Information Security Podcast, August 11, 2022

The Ransomware Files Podcast, Dr. Ransomware, Part 1 & 2
