Most Wanted Man Pleads Guilty in Cyberattack That Shocked Vermont Hospital
A Ukrainian man pleaded guilty Thursday in federal court to his leadership role in two cyberattack schemes that caused tens of millions of dollars in losses and temporarily paralyzed a Vermont hospital in 2020, according to the Justice Department.
Prosecutors said Vyacheslav Igorevich Penchukov, 37, was a leader of an organization that in May 2009 began infecting thousands of company computers with malware, and which he helped lead a separate malware program that began around November 2018.
Mr. Penchukov, of Donetsk, pleaded guilty in U.S. District Court in Nebraska to one count of conspiracy to commit an offense violating the Racketeer Influenced and Corrupt Organizations Act and one count of charge of conspiracy to commit wire fraud. He was arrested in Switzerland in 2022 and extradited to the United States in 2023. It was not possible to find a lawyer for Mr. Penchukov because the court file was sealed.
The Department of Justice said that Mr. Penchukov helped run “a vast racketeering enterprise and conspiracy” that installed malware known as Zeus on thousands of business computers, starting in 2009. The malware allowed the company to collect information used to log into online banking accounts, including passwords and personal identification numbers.
Mr. Penchukov and other members of the group then presented themselves as employees of the companies authorized to transfer money from the accounts they targeted, causing losses of millions of dollars, according to the Justice Department.
The money was deposited into the accounts of residents of the United States and other countries, known as “money mules,” and these people then sent it to overseas accounts managed by Mr. Penchukov and other members of the group, according to the Justice Department.
Mr Penchukov was charged with these offenses in 2012 while he was still at large, according to an indictment made public in 2014.
On Thursday, Mr. Penchukov also pleaded guilty to his leadership role in the separate malware scheme that ran from at least November 2018 to February 2021, according to federal prosecutors.
The malware, known as IcedID or Bokbot, was installed on computers to collect victims’ personal information, including their bank account credentials, and the data was used to steal them, according to the ministry of Justice. IcedID also allowed cybercriminals to install more malware on infected computers, including ransomware, used to lock digital information until the victim pays for its release.
Targets of these ransomware attacks included the University of Vermont Medical Center, which lost more than $30 million, according to the Department of Justice. An attack on the hospital in 2020 also “left the medical center unable to provide many essential services to patients for more than two weeks, creating a risk of death or serious bodily harm to patients,” the Ministry of Health said. Justice.
Workers at the University of Vermont Medical Center told The New York Times in November 2020 that the attack forced the hospital to turn away hundreds of cancer patients and forced staff to search through written records to find important information.
In September 2023, the medical center’s president, Dr. Stephen Leffler, testified before the House of Representatives and said the hospital did not have access to electronic medical records for 28 days due to the attack.
“We didn’t have the Internet” Dr. Leffler said. “We didn’t have a telephone. This impacted radiological imaging and laboratory results.
The hospital said in a statement that it was “proud of our team’s work to provide the best possible care while the investigation and restoration was underway.”
Mr. Penchukov was also known as Vyacheslav Igoravich Andreev and Tank, an online nickname, according to the Justice Department. He was on the FBI list List of most wanted cybercriminals for almost a decade.
Mr. Penchukov’s sentencing is scheduled for May 9. He faces up to 20 years in prison on each charge.