Justice Department Charges the Alleged Creator and Distributor of the “Thanos” Ransomware Kit

By Alvaro Marañon
Monday, May 16, 2022, 4:57 PM

On May 16, the District Court for the Eastern District of New York unsealed an indictment against an individual for his alleged “use and sale of ransomware, as well as his extensive support of, and profit sharing arrangements with, the cybercriminals who use his ransomware programs.” The defendant, Moises Luis Zagala Gonzalez, is a cardiologist residing in Venezuela and a citizen of France and Venezuela.

The unsealed indictment alleges that Zagala began advertising his Thanos software—a “private ransomware builder”—in late 2019. The software enabled users to create their own unique ransomware software that could then be used or rented by other cybercriminals. It is alleged that Zagala offered customers this software either through a license agreement or an “affiliate program”—where a user is granted access to the Thanos software in exchange for a share of profits from future ransomware operations. Zagala is alleged to have advertised the software on various online forums popular with cybercriminals and provided customers with in-depth explanations such as “how to design a ransom note.” Zagala also publicly discussed the positive reviews he received from customers regarding their ransomware attacks, “including by linking to a news story about an Iranian state-sponsored hacking group’s use of Thanos to attack Israeli companies.”

The grand jury charged the defendant with one count of attempted computer intrusions and one count of conspiracy to commit computer intrusions; each count carries up to five years’ imprisonment. You can read the full indictment here or below.