FBI charges Venezuelan doctor with using, selling ‘Thanos’ ransomware

Thanos himself. (Antman3001/Flickr)

The FBI announced charges Monday against a Venezuelan cardiologist who the bureau said was moonlighting as a cybercriminal mastermind, both designing and using ransomware that he bragged was deployed by Iranian state-sponsored hackers.

Moises Luis Zagala Gonzalez, who also went by the user names “Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” is being charged with attempted computer intrusions and conspiracy to commit computer intrusions.

According to the complaint unsealed Monday, Zagala sold and rented out his ransomware software, providing cybercriminals with extensive training on how to use his product and even set up their own ransomware gangs.

One of his tools, titled “Thanos,” allowed users to create their own custom ransomware for a licensing fee of up to $800 a month. Another product, called “Jigsaw v. 2,” had a built-in “Doomsday” counter feature that erased a victim’s hard drive after multiple attempts to remove the ransomware.

FBI screenshot of the Thanos software

Zagala’s products were widely praised by customers. One customer claimed in an online forum he used the Thanos software to infect 3,000 computers. Another Russian user praised Zagala’s customer support: “We have been working with this product for over a month now, we have a good profit! Best support I’ve met.” 

Zagala was also active on forums and discussed attacks that used his software, including an alleged attack by an Iranian state-sponsored group against Israeli companies.

Law enforcement agents were able to track Zagala down through a relative whose PayPal account he used to receive proceeds from his services.

“Combating ransomware is a top priority of the Department of Justice and of this Office. If you profit from ransomware, we will find you and disrupt your malicious operations,” Breon Peace, U.S. Attorney for the Eastern District of New York, said in a statement.


Zagala faces up to five years on each charge.

CyberScoop could not immediately track down an attorney for Zagala.


Written by Tonya Riley
