U.S. Government Says Doctor Secretly Helped Create Ransomware For Iran

(FreedomBeacon.com)- New York authorities charged a Venezuelan doctor with inventing and licensing spyware used by cybercriminals, including those with links to Iran’s Islamist dictatorship.

Since coming to power, the Bolivarian Revolution has maintained close connections with the Iranian dictatorship. Now, along with China and Russia, Iran controls Venezuela’s foreign policy. Nicolás Maduro has received greater backing from Iran, including palliative oil supplies to deal with fuel shortages and negotiations with Iranian businesses to rehabilitate Venezuela’s refineries.

Prosecutors claim Zagala boasted about his clients, including a group that tried to target Israeli firms.

Zagala, headquartered in Ciudad Bolivar, Venezuela, reportedly uses the online names “Nosophoros,” “Aesculapius,” and “Nebuchadnezzar” to offer “Thanos” and “Jigsaw v.2,” both named after comic book and movie villains.

Ransomware encrypts the files on a victim’s computer (or across an entire network), blocking access unless the victim pays a ransom for a decryption key. Payment is usually demanded in bitcoin.

In many situations, ransomware includes a countdown timer to drive victims into paying before the deadline. If the victim refuses to pay or the period expires, the files remain encrypted and lost unless specialist decryption tools are available.

US Attorney for the Eastern District of New York Breon Peace stated on May 16 that the multi-tasking doctor treated patients, designed and named his cyberweapon after death, and benefited from a worldwide ransomware ecosystem by selling ransomware attack tools.

Peace says Zagala “taught attackers how to extort victims and boasted about successful assaults, including by Iranian actors.”

FBI officer Michael J. Driscoll said Zagala not only designed and marketed ransomware but also instructed hackers in its usage.

Zagala’s nefarious actions reportedly began in 2019, when he started selling his “Thanos” program, which allowed users to construct custom ransomware to target victims.

The affidavit proves that Iranian firm MuddyWater deployed Zagala’s malware against Israeli businesses ClearSky and Profero in 2020. Before any damage could be done, these attacks were stopped.

Zagala’s malicious software was purportedly delivered as ransomware-as-a-service (RaaS), with a monthly licensing cost of $500 to $800. In exchange, Zagala would help purchasers employ the harmful tools. Zagala would form ‘affiliate agreements’ with buyers of his services, receiving a portion of the money extorted from victims as payment.