A Ukrainian national, Vyacheslav Igorevich Penchukov, pleaded guilty to his involvement in two extensive malware schemes, resulting in tens of millions of dollars in losses. Argentieri emphasized Penchukov’s role in orchestrating extensive cybercrimes, highlighting the severity of the attacks on both financial institutions and critical infrastructure such as healthcare facilities. “Vyacheslav Igorevich Penchukov was a leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide critical care to patients for over two weeks,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division. “Before his arrest and extradition to the United States, the defendant was a fugitive on the FBI’s most wanted list for nearly a decade. Today’s guilty pleas should serve as a clear warning: the Justice Department will never stop in its pursuit of cybercriminals.” The guilty pleas reinforce the Justice Department’s commitment to holding cybercriminals accountable for their actions.
Court documents revealed that Penchukov had a key role to play a racketeering enterprise and conspiracy that utilized the “Zeus” malware, infecting thousands of business computers since May 2009. The enterprise, led by Penchukov, illicitly obtained bank account information, passwords, and personal identification numbers, causing millions of dollars in losses to victims. Penchukov and his co-conspirators, using residents of the United States and elsewhere as “money mules,” facilitated unauthorized fund transfers, redirecting funds overseas. Penchukov faced charges in the District of Nebraska and was added to the FBI’s Cyber Most Wanted List. Despite being on the FBI’s Cyber Most Wanted List, Penchukov engaged in another conspiracy involving the IcedID or Bokbot malware from November 2018 to February 2021. This sophisticated malware collected personal information from victims, leading to severe financial losses. One victim, the University of Vermont Medical Center, suffered a loss of over $30 million, rendering it unable to provide critical patient services for an extended period. Penchukov faced charges in the Eastern District of North Carolina.
“Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk,” said U.S. Attorney Michael Easley for the Eastern District of North Carolina. “The Justice Department and FBI Cyber Squad won’t stand by and watch it happen, and won’t quit coming for the world’s most wanted cybercriminals, no matter where they are in the world. This operation removed a key player from one of the world’s most notorious cybercriminal rings. Extradition is real. Anyone who infects American computers had better be prepared to answer to an American judge.” Assistant Director Bryan Vorndran of the FBI’s Cyber Division echoed Easley’s sentiments, emphasizing the importance of a persistent and collaborative approach in apprehending cybercriminals. Vorndran acknowledged the joint efforts of public and private sectors, both domestically and globally, highlighting the successful removal of Penchukov as a cyber threat.
Penchukov, arrested in Switzerland in 2022 and extradited to the United States in 2023, pleaded guilty to conspiracy charges related to the “Zeus” and IcedID malware groups. He is scheduled to be sentenced on May 9, facing a maximum penalty of 20 years in prison for each count. The case is being investigated by the FBI Omaha and Charlotte Field Offices, with prosecutors from the Criminal Division’s Computer Crime and Intellectual Property Section and U.S. Attorneys from the District of Nebraska and the Eastern District of North Carolina handling the case. The Justice Department’s Office of International Affairs collaborated with the Swiss Federal Office of Justice to secure Penchukov’s arrest and extradition.
