An international cybercrime mastermind who compiled a long resumé of remote break-ins—including a hit that cost a major U.S. medical center $30 million—has pled guilty to two counts of conspiracy.
Vyacheslav Igorevich Penchukov, a Ukrainian national who went by the handle “Tank” online, was indicted on the twin counts in Nebraska Feb. 15, according to the U.S. Department of Justice.
Penchukov, who also used an alias surname, Andreev, seems to have hit his stride around 2009. That year, he led a racketeering enterprise that unleashed the infamous malware known as “Zeus.” With this, Penchukov and co-conspirators snaked their way into victims’ online bank accounts, pocketing millions.
Even after being placed on the FBI’s Cyber Most Wanted list, Penchukov continued to lead wide-ranging cybercrime activities for years.
One of the most damaging of these came in 2020, when Penchukov and fellow criminals targeted and breached internal networks at the 620-bed University of Vermont Medical Center. The attack, a ransomware ambush, forced the hospital’s EMR offline for 28 days and hindered numerous service lines during the height of the COVID pandemic.
The attack ended up costing the institution between $30 million and $65 million. (News accounts vary between those two amounts.)
The law caught up with Penchukov in 2022, when he was arrested in Switzerland. Officials there extradited him to the U.S. in 2023.
DOJ says the counts to which he pleaded guilty last week were:
- conspiracy to commit a racketeer influenced and corrupt organizations (RICO) act offense for his leadership role in the “Zeus” enterprise, and
- conspiracy to commit wire fraud for his leadership role in a group whose main malware product was a sophisticated cyberweapon called IcedID.
Penchukov faces a maximum of 20 years in prison for each of these counts.
“The Justice Department and FBI Cyber Squad won’t quit coming for the world’s most wanted cybercriminals, no matter where they are in the world,” says U.S. Attorney Michael Easley of the Eastern District of North Carolina, which had a hand in the prosecution and plea negotiation.
Easley adds:
“This operation removed a key player from one of the world’s most notorious cybercriminal rings. Extradition is real. Anyone who infects American computers had better be prepared to answer to an American judge.”
DOJ says Penchukov is scheduled to be sentenced May 9.