The person at the center of this case
Multiple corporate and institutional victims of ransomware extortion
Cold Case · Open
3 years waiting · since 2022
MOISES LUIS ZAGALA GONZALEZ
Justice for Multiple corporate and institutional victims of ransomware extortion — the trail went cold in 2022, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1Where is Moises Luis Zagala Gonzalez currently located and what aliases might he be using?
🔍
evidence
Lead #2How many organizations and companies were victimized by the Jigsaw v. 2 and Thanos ransomware variants?
📞
contact
Lead #3Who were the individuals and organizations that purchased licenses or participated in the affiliate program?
Moises Luis Zagala Gonzalez allegedly designed and sold ransomware tools including 'Jigsaw v. 2' and 'Thanos' between April 2019 and March 2021, extorting millions from companies by encrypting their files and demanding ransom payments. He profited through direct sales, monthly licensing fees, and an affiliate program that gave him a cut of each ransom paid by victims. A federal arrest warrant was issued in May 2022, but Zagala Gonzalez remains at large, and investigators seek information on his whereabouts and any individuals or organizations that may have purchased or used his ransomware tools.
Case
#793
Federal Bureau of Investigation (FBI); U.S. District Court, Eastern District of New York
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
💡
clue
Lead #4What cryptocurrency wallets or financial accounts received ransom payments from victims?
👤
person
Lead #5Are there associates or co-conspirators who helped design, market, or distribute these ransomware tools?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Attempted Computer Intrusions; Conspiracy to Commit Computer Intrusions Caution: From April of 2019, to March of 2021, Moises Luis Zagala Gonzalez allegedly designed and offered for sale multiple ransomware tools. Those tools included a ransomware variant called “Jigsaw v.
2,” which was used to extort money from companies and institutions by encrypting victim files and demanding a ransom for the decryption, as well as “Thanos,” a “Private Ransomware Builder” that was designed to evade antivirus software and has the ability to target specific files by extension. Zagala Gonzalez profited from these alleged actions, including by licensing the “Thanos” software to individuals who paid him a monthly fee and by operating an “affiliate” program in which Zagala Gonzalez received a portion of the ransom payment extorted from the victim.
A federal arrest warrant was issued for Zagala Gonzalez in the United States District Court, Eastern District of New York, Brooklyn, New York, on May 16, 2022, after he was charged with Attempted Computer Intrusions and Conspiracy to Commit Computer Intrusions.
Timeline of Events
📋
2019-04-01
Ransomware Development Begins
Moises Luis Zagala Gonzalez allegedly begins designing and offering ransomware tools for sale
📋
2021-03-31
Ransomware Sales End
Alleged ransomware sales and distribution activities conclude
🕵️
2022-05-16
Federal Arrest Warrant Issued
Federal arrest warrant issued in U.S. District Court, Eastern District of New York for Attempted Computer Intrusions and Conspiracy to Commit Computer Intrusions
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:April 1, 2019
Last Updated:April 29, 2026
Leave a comment
Comments
Case Information
Incident:April 1, 2019
Last Updated:April 29, 2026