COURT DOC: Foreign National Pleads Guilty to Role in Cybercrime Schemes Involving Tens of Millions of Dollars in Losses

February 20, 2024

“A Ukrainian national pleaded guilty today to his role in two separate and wide-ranging malware schemes involving tens of millions of dollars in losses.”

“‘Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,’ said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division.”

“According to court documents, Vyacheslav Igorevich Penchukov, also known as Vyacheslav Igoravich Andreev and Tank, 37, of Donetsk, helped lead a wide-ranging racketeering enterprise and conspiracy that infected thousands of business computers with malicious software known as ‘Zeus’ beginning in May 2009. After installing ‘Zeus’ without authorization on victims’ computers, the enterprise then used the malicious software to capture bank account information, passwords, personal identification numbers, and similar information necessary to log into online banking accounts. Penchukov and his co-conspirators then falsely represented to banks that they were employees of the victims and authorized to make transfers of funds from the victims’ bank accounts, causing the banks to make unauthorized transfers of funds from the victims’ accounts, resulting in millions of dollars in losses to the victims. The enterprise used residents of the United States and elsewhere as ‘money mules’ to receive wired funds from victims’ bank accounts into their own bank accounts, who then withdrew and wired funds overseas to accounts controlled by Penchukov’s co-conspirators.” 

“Penchukov was charged with these offenses in the District of Nebraska. Given the severity of the charges in the case and the harm posed to American victims, Penchukov was added to the FBI’s Cyber Most Wanted List.”

“Despite being added to the FBI’s Cyber Most Wanted List, Penchukov returned to criminal activity by helping lead a conspiracy that infected victim computers with IcedID or Bokbot, a new malware, from at least November 2018 through February 2021. IcedID was a sophisticated form of malicious software that collected and transmitted personal information from victims, including credentials for banking accounts. Penchukov and his co-conspirators used this information to steal from IcedID’s victims. IcedID also provided access to infected computers for other forms of malicious software, including ransomware. One such victim of this ransomware attack was the University of Vermont Medical Center, causing the loss of over $30 million from this victim alone, and left the medical center unable to provide many critical patient services for over two weeks, creating a risk of death or serious bodily injury to patients. Penchukov was charged with these offenses in the Eastern District of North Carolina.”

“Penchukov was arrested in Switzerland in 2022 and extradited to the United States in 2023.”

“Penchukov pleaded guilty to one count of conspiracy to commit a racketeer influenced and corrupt organizations (RICO) act offense for his leadership role in the ‘Zeus’ enterprise. Penchukov (as Andreev) also pleaded guilty to one count of conspiracy to commit wire fraud for his leadership role in the IcedID malware group. He is scheduled to be sentenced on May 9 and faces a maximum penalty of 20 years in prison for each count. A federal judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.” (Source: US Department of Justice)

