Ukrainian Cybercriminal Pleads Guilty in Multimillion-Dollar Cybercrime Schemes

Vyacheslav Igorevich Penchukov, a Ukrainian national, has pleaded guilty to charges related to his involvement in two expansive cybercrime operations that resulted in losses amounting to tens of millions of dollars.

Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division highlighted Penchukov's leadership in two prolific malware groups responsible for infecting thousands of computers with malicious software. The criminal enterprises orchestrated by Penchukov included the theft of millions of dollars from victims and a ransomware attack on a major hospital, causing critical care disruptions for over two weeks.

Prior to his arrest and extradition to the United States, Penchukov had been a fugitive on the FBI's most wanted list for almost a decade. According to court documents, Penchukov, also known as Vyacheslav Igoravich Andreev and Tank, played a key role in a racketeering enterprise and conspiracy that initiated in May 2009, infecting thousands of business computers with the "Zeus" malware. The enterprise used "Zeus" to capture sensitive information such as bank account details, passwords, and personal identification numbers. Subsequently, Penchukov and his co-conspirators deceived banks into making unauthorized transfers from victims' accounts, resulting in multimillion-dollar losses. The enterprise employed residents of the United States and elsewhere as "money mules" to facilitate the movement of funds.

Charged in the District of Nebraska and added to the FBI’s Cyber Most Wanted List, Penchukov orchestrated a return to criminal activities by leading a conspiracy involving the IcedID and Bokbot malware from November 2018 through February 2021. IcedID, a sophisticated form of malicious software, collected personal information, including banking credentials, leading to substantial financial losses. The malware also facilitated ransomware attacks, exemplified by an incident at the University of Vermont Medical Center, resulting in a loss of over $30 million and critical service disruptions for over two weeks. Penchukov faces charges related to these offenses in the Eastern District of North Carolina.

Penchukov was apprehended in Switzerland in 2022 and subsequently extradited to the United States in 2023.

Penchukov has pleaded guilty to charges, including conspiracy to commit a racketeer influenced and corrupt organizations (RICO) act offense for his involvement in the "Zeus" enterprise and conspiracy to commit wire fraud for his leadership role in the IcedID malware group. Scheduled for sentencing on May 9, he faces a maximum penalty of 20 years in prison for each count.