A Ukrainian man was accused in federal court on Thursday of leading roles in two cyber attack schemes that caused tens of millions of dollars in losses and temporarily crippled a Vermont hospital in 2020, according to the Department of Justice. Pleaded guilty to having committed the crime.
Prosecutors said Vyacheslav Igorevich Penchukov, 37, was the leader of an organization that began infecting thousands of companies' computers with malicious software in May 2009 and around November 2018. He is said to have helped lead another malware project that began in .
Mr. Penchukov, a Donetsk resident, pleaded guilty in the U.S. District Court for the District of Nebraska to one count of conspiracy to violate the Racketeering Influenced and Corrupt Organizations Act and one count of conspiracy to commit wire fraud. He was arrested in Switzerland in 2022 and extradited to the United States in 2023. An attorney for Mr. Penchukov could not be found because court documents were sealed.
The Justice Department said Mr. Penchukov helped lead an “extensive extortion enterprise and conspiracy” starting in 2009 that installed malicious software known as Zeus on thousands of company computers. The malware allowed companies to collect information used to log in online. Bank accounts, including passwords and personal identification numbers.
According to the Justice Department, Penchukov and others posed as employees of companies authorized to transfer money from targeted accounts, causing millions of dollars in losses.
The funds were deposited into accounts of residents of the United States and other countries, known as “money mules,” who then transferred them to overseas accounts run by Mr. Penchukov and other members of the group. Department of Justice.
According to an indictment unsealed in 2014, Penchukov was charged with these crimes in 2012, when he was still at large.
Penchukov also pleaded guilty Thursday to his leadership role in another malware scheme that ran from at least November 2018 to February 2021, according to federal prosecutors.
The malware, known as IcedID or Bokbot, was installed on computers to collect personal information from victims, such as bank account credentials, and that data was used to steal from victims, according to the Department of Justice. IcedID also allows cybercriminals to install more malware on infected computers, such as ransomware, which is used to lock digital information until the victim pays for its release. Ta.
Targets of these ransomware attacks included the University of Vermont Medical Center, which suffered losses of more than $30 million, according to the Department of Justice. The 2020 attack on the hospital also “left the medical center unable to provide many critical patient services for more than two weeks and put patients at risk of death or serious injury,” the Justice Department said.
Officials at the University of Vermont Medical Center told the New York Times in November 2020 that the attack forced the hospital to transport hundreds of cancer patients and forced staff to scour written records to find critical information. He said he needed to investigate.
In September 2023, the medical center's director, Dr. Stephen Loeffler, testified before the House of Representatives and said the hospital was unable to access electronic medical records for 28 days because of the attack.
“There was no Internet,” says Dr. Leffler. “We didn't have a phone call. It affected radiology imaging and test results.”
“We are proud of our team's commitment to providing the best possible care while the investigation and recovery is ongoing,” the hospital said in a statement.
Penchukov was also known by his online nicknames Vyacheslav Igoravich Andreev and Tank, according to the Justice Department. He was on the FBI's Most Wanted Cyber List for nearly a decade.
Penchukov's sentencing is scheduled for May 9, and he faces up to 20 years in prison on each charge.
