US prosecutors have accused a 55-year-old Venezuelan doctor of creating and selling widely used malicious software that cybercriminals used in extortion attempts on multiple organizations.
Moises Luis Zagala Gonzalez is charged with building a type of ransomware that burst on the cybercriminal scene in 2019 and was used in multiple high-profile hacks on organizations in the Middle East, including some incidents tied to Iranian government hackers.
Justice Department officials accused Zagala of building up an elaborate cybercriminal enterprise, in which he took a vested economic and reputational interest in his software being used in successful hacks. The cardiologist continued to see patients while trafficking in ransomware, according to the Justice Department.
Zagala’s case is unusual in that he is far older than the typical cybercriminal suspect. Zagala, whom US prosecutors said lives in the Venezuelan city of Ciudad Bolivar, also belies the stereotype of ransomware actors hailing from Eastern Europe and Russia.
“We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use,” Michael Driscoll, assistant-director-in-charge of the FBI’s New York Field Office, said in a statement.
Zagala could not be reached for comment. The prospects of Zagala being apprehended and extradited to the US are uncertain, and the US and Venezuelan governments have been at odds for years.
As part of the US investigation into Zagala, the FBI surreptitiously bought access to one of his hacking tools and relied on confidential informants in the cybercriminal world to build a case, the Justice Department said.