20 May U.S. Prosecutors Accuse Doctor in Venezuela of Creating and Selling Malicious Software Used for Ransomware Attacks

U.S. prosecutors have accused a 55-year-old Venezuelan doctor of creating and selling widely used malicious software that cybercriminals used in extortion or ransomware attempts at multiple organizations.

Moises Luis Zagala Gonzalez is accused of creating a type of ransomware that burst onto the cybercriminal scene in 2019 and was used in multiple high-profile attacks on organizations in the Middle East, including some incidents involving Iranian government hackers.

Justice Department officials accused Zagala of building an elaborate cybercrime enterprise, in which he had an economic and reputational personal interest in having his software used in successful hacks. The cardiologist continued to see patients while trafficking ransomware, according to the Justice Department.

An unusual case in ransomware

Zagala’s case is unusual because he is much older than the typical cybercriminal suspect. Zagala, who U.S. prosecutors say lives in the Venezuelan city of Ciudad Bolivar, also debunks the stereotype of ransomware actors from Eastern Europe and Russia.

“We allege that Zagala not only created and sold ransomware products to hackers but also trained them in their use,” Michael Driscoll, deputy director in charge of the FBI’s New York Field Office, said in a statement.

Zagala could not be reached for comment. The prospects of Zagala being detained and extradited are uncertain and the U.S. and Venezuelan governments have been at odds for years.

As part of the U.S. investigation into Zagala, the FBI surreptitiously bought access to one of its hacking tools and relied on confidential informants in the cybercriminal world to build a case, the Justice Department said.