The person at the center of this case
Multiple corporate and institutional victims of ransomware attacks
Cold Case · Open
4 years waiting · since 2022
MOISES LUIS ZAGALA GONZALEZ
Justice for Multiple corporate and institutional victims of ransomware attacks — the trail went cold in 2022, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1What is Moises Luis Zagala Gonzalez's current location and identity status?
🔍
evidence
Lead #2How many victims were impacted by Jigsaw v. 2 and Thanos ransomware, and what was the total financial loss?
💡
clue
Lead #3Who were the individuals and organizations that purchased licenses or participated in the affiliate program?
Moises Luis Zagala Gonzalez is wanted for designing and selling ransomware tools including 'Jigsaw v. 2' and 'Thanos' between 2019 and 2021, which were used to extort millions from companies and institutions. He profited by licensing the software, operating affiliate programs, and receiving portions of ransom payments from victims whose files were encrypted. A federal arrest warrant was issued in May 2022, and his whereabouts remain unknown, making continued investigation critical to disrupting ransomware-as-a-service operations.
Case
#793
Federal Bureau of Investigation (FBI); U.S. District Court, Eastern District of New York
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
📞
contact
Lead #4Are there known associates or co-conspirators who assisted in the design, distribution, or operation of these ransomware tools?
🚗
vehicle
Lead #5What cryptocurrency wallets, payment methods, or financial accounts were used to receive ransom payments and licensing fees?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Attempted Computer Intrusions; Conspiracy to Commit Computer Intrusions Caution: From April of 2019, to March of 2021, Moises Luis Zagala Gonzalez allegedly designed and offered for sale multiple ransomware tools. Those tools included a ransomware variant called “Jigsaw v.
2,” which was used to extort money from companies and institutions by encrypting victim files and demanding a ransom for the decryption, as well as “Thanos,” a “Private Ransomware Builder” that was designed to evade antivirus software and has the ability to target specific files by extension. Zagala Gonzalez profited from these alleged actions, including by licensing the “Thanos” software to individuals who paid him a monthly fee and by operating an “affiliate” program in which Zagala Gonzalez received a portion of the ransom payment extorted from the victim.
A federal arrest warrant was issued for Zagala Gonzalez in the United States District Court, Eastern District of New York, Brooklyn, New York, on May 16, 2022, after he was charged with Attempted Computer Intrusions and Conspiracy to Commit Computer Intrusions.
Timeline of Events
📋
2019-04-01
Ransomware Design and Sale Period Begins
Moises Luis Zagala Gonzalez begins designing and offering ransomware tools for sale, including Jigsaw v. 2 and Thanos variants
📋
2021-03-31
Ransomware Operation Period Ends
End of alleged ransomware design, licensing, and affiliate program operations spanning approximately two years
🕵️
2022-05-16
Federal Arrest Warrant Issued
U.S. District Court, Eastern District of New York issues federal arrest warrant for Attempted Computer Intrusions and Conspiracy to Commit Computer Intrusions
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:April 1, 2019
Last Updated:May 19, 2026
Leave a comment
Comments
Case Information
Incident:April 1, 2019
Last Updated:May 19, 2026