HomeNewsRansomware Built in Venezuela Used to Target Institutions Across Latin America

Ransomware Built in Venezuela Used to Target Institutions Across Latin America


Venezuela has emerged as a potential base for the development of ransomware tools to cybercriminals after one man was charged with designing software used to carry out a range of cyberattacks.

Earlier this month, Moises Luis Zagala Gonzalez, from Bolivar City, was charged in the Eastern District Court of New York for attempted computer intrusions and conspiracy to commit intrusions owing to his "use and sale of ransomware, as well as his extensive support of, and profit sharing arrangements with, the cybercriminals who used his ransomware programs."

SEE ALSO: Major Ransomware Attacks in Peru and Costa Rica Spell More Trouble for Region

Going by aliases 'Nosophoros,' 'Aesculapia' and more recently 'Nebuchadnezzar,' the cardiologist had amassed a long list of criminal clients over the years.

He primarily offered clients access to a tool for creating fully customizable ransomware programs known as 'Thanos'. Additionally, he leased and operated his own ransomware program known as 'Jigsaw v. 2', reportedly charging $500 a month to use the software and $3,000 for the underlying source code.

Zagala's Thanos program was used as the model for a slew of offshoots that plague international institutions. Prometheus, Haron and Midas are all variants of Zagala's original program that dabble in this extortive economy. Prometheus in particular, has a long list of Latin American victims with a special appetite for institutions in Chile and Brazil.

For several years, undercover agents with the US Federal Bureau of Investigation (FBI) tracked his business as well as the dedicated cybercrime team he himself allegedly led.

According to the FBI, Zagala sold his Thanos ransomware builder to at least 38 clients, accepting payments via PayPal and cryptocurrencies, including at least one "Iranian state-sponsored hacking group," according to the criminal complaint.

InSight Crime Analysis

Ransomware as a Service (RaaS) has been widely used to target companies and institutions across Latin America for their sensitive data. It also provides a low barrier to entry, thus fueling the proliferation of ransomware programs.

Zagala's Thanos tool fits this mold perfectly.

Boasting a wide array of customization features and the added benefit of continued tech support from Zagala himself, the ransomware builder gives cybercriminals access to a new frontier of victims even if they themselves are not expert hackers. "Numerous users responded to Zagala... posting that they had used the software and praising its quality," stated FBI agent Chris Clarke in his testimony.

For Steph Shample, a cybersecurity expert and fellow at the Middle East Institute, RaaS providers are opening the floodgates for further data theft and extortion, especially in an internet space as poorly regulated as Latin America's.

Shample explained "these RaaS actors can essentially cater and do absolutely everything for you. If you can pay that fee to have more of the hand-holding; plus the fact that that it's all remote means anybody can purchase their tools to conduct ransomware attacks."

SEE ALSO: Latin American Governments Easy Prey for Ransomware During COVID-19

In July 2021, one report detailed how Prometheus had been used to target a wide range of victims in Brazil, Mexico, Peru and Chile, including government institutions, customs agencies, financial institutions and private companies.

Brazilian private and public institutions report the largest portion of attacks from ransomware gangs. In 2020, the country accounted for nearly half of all such reported attacks in the region with Mexico and Colombia trailing behind.

This regional disparity may also be due in part to more consistent attention paid to the issue in those countries. Shample noted "Colombia and Brazil are a little bit better in terms of cyber security," but that their high rates of connectivity make for nice potential targets in "finance, supply chains and the manufacturing sector."

share icon icon icon

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.


What are your thoughts? Click here to send InSight Crime your comments.

We encourage readers to copy and distribute our work for non-commercial purposes, with attribution to InSight Crime in the byline and links to the original at both the top and bottom of the article. Check the Creative Commons website for more details of how to share our work, and please send us an email if you use an article.

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.


Related Content


The escalating violence between security forces and a gang that formerly enjoyed official protection in Venezuela's foremost mining region shows…


The decision by the United States to sanction Tareck El Aissami, the recently-appointed vice president of Venezuela, for his alleged…


While unrest gripped much of Latin America in 2019, it was the coronavirus that took center stage and ripped through…

About InSight Crime


Who Are Memo Fantasma and Sergio Roberto de Carvalho?

24 JUN 2022

Inside the criminal career of Memo Fantasma  In March 2020, InSight Crime revealed the identity and whereabouts of Memo Fantasma, a paramilitary commander and drug trafficker living in…


Environmental and Academic Praise

17 JUN 2022

InSight Crime’s six-part series on the plunder of the Peruvian Amazon continues to inform the debate on environmental security in the region. Our Environmental Crimes Project Manager, María Fernanda Ramírez,…


Series on Plunder of Peru’s Amazon Makes Headlines

10 JUN 2022

Since launching on June 2, InSight Crime’s six-part series on environmental crime in Peru’s Amazon has been well-received. Detailing the shocking impunity enjoyed by those plundering the rainforest, the investigation…


Duarte’s Death Makes Waves

3 JUN 2022

The announcement of the death of Gentil Duarte, one of the top dissident commanders of the defunct Revolutionary Armed Forces of Colombia (FARC), continues to reverberate in Venezuela and Colombia.


Cattle Trafficking Acclaim, Investigation into Peru’s Amazon 

27 MAY 2022

On May 18, InSight Crime launched its most recent investigation into cattle trafficking between Central America and Mexico. It showed precisely how beef, illicitly produced in Honduras, Guatemala…