‘Thanos’ Ransomware Builder Was Designed by a Physician

First detected in February 2020, the Thanos ransomware was advertised for sale on dark web forums. Using a built-in constructor, the Thanos ransomware lets actors make changes to the sample according to their preferences. A Thanos version was used in assaults on two state-owned institutions in the Middle East and North Africa, which we think of with high confidence.

What Happened?

The United States Department of Justice announced today that a cardiologist named Moises Luis Zagala Gonzalez (Zagala), who is 55 years old and lives in Ciudad Bolivar, Venezuela, rented the Jigsaw and Thanos ransomware programs to individuals who commit cybercrime.


Zagala, also known as Nosophoros, Aesculapius, and Nebuchadnezzar, provided help to other cybercriminals who purchased the ransomware and shared the earnings made from victims all around the globe.

A criminal complaint was unsealed today in federal court in Brooklyn, New York, charging Moises Luis Zagala Gonzalez (Zagala), also known as “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and Venezuela who resides in Venezuela, with attempted computer intrusions and conspiracy to commit computer intrusions.  The charges stem from Zagala’s use and sale of ransomware, as well as his extensive support of, and profit sharing arrangements with,

Read More: https://heimdalsecurity.com/blog/thanos-ransomware-builder-was-designed-by-a-physician/