'Most Wanted' Man Pleads Guilty in Cyberattack That Rocked Vermont Hospital
A Ukrainian man pleaded guilty in federal court Thursday for his leading role in two cyberattacks that caused tens of millions of dollars in losses and temporarily crippled a Vermont hospital in 2020, the Justice Department said.
Prosecutors said Vyacheslav Igorevich Penchukov, 37, was the leader of an organization that began infecting thousands of corporate computers with malicious software in May 2009, and that he helped lead a separate malware scheme that began around November 2018.
Mr. Penchukov, of Donetsk, pleaded guilty in the U.S. District Court in Nebraska to one count of conspiracy to commit an offense in violation of the Racketeer Influenced and Corrupt Organizations Act and one count of conspiracy to commit wire fraud. He was arrested in Switzerland in 2022 and extradited to the United States in 2023. A lawyer for Mr. Penchukov could not be found because the court file was sealed.
The Ministry of Justice said this that Mr. Penchukov helped run “a massive racketeering enterprise and conspiracy” that installed malicious software known as Zeus from 2009 on thousands of business computers. The malware allowed the company to collect information used to log into online banking accounts, including passwords and personal identification numbers.
Mr. Penchukov and other members of the group then portrayed themselves as employees of the companies authorized to transfer money from the accounts they targeted, causing millions of dollars in losses, according to the Justice Department.
The money was deposited into the accounts of residents of the United States and other countries known as “money mules,” and those people then sent it to offshore accounts controlled by Mr. Penchukov and other members of the group, the ministry said of Justice.
Mr. Penchukov was charged with these crimes in 2012 while still at large, according to an indictment unsealed in 2014.
On Thursday, Mr. Penchukov also pleaded guilty to his leadership role in the separate malware scheme that ran from at least November 2018 to February 2021, federal prosecutors said.
The malware, known as IcedID or Bokbot, was installed on computers to collect victims' personal information, including bank account information, and the data was used to steal from them, the Justice Department said. IcedID also allowed the cybercriminals to install more malware on infected computers, including ransomware, which is used to lock digital information until the victim pays for its release.
Targets of these ransomware attacks included the University of Vermont Medical Center, which lost more than $30 million, according to the Department of Justice. An attack on the hospital in 2020 “also left the medical center unable to provide many critical patient services for more than two weeks, creating a risk of death or serious bodily harm to patients,” the Justice Department said .
Employees at the University of Vermont Medical Center told The New York Times in November 2020 that the attack had forced the hospital to turn away hundreds of cancer patients and that staff had to search through written documents to find important information.
In September 2023, the medical center's president, Dr. Stephen Leffler, testified in the House of Representatives and said the hospital was unable to access electronic medical records for 28 days due to the attack.
“We had no internet” said dr. Leffler. “We had no telephones. It affected radiological imaging and laboratory results.”
The hospital said in a statement that it was “proud of our team's work to provide the best possible care while the investigation and restoration were underway.”
Mr. Penchukov was also known as Vyacheslav Igoravich Andreev and Tank, an online nickname according to the Justice Department. He had been in the FBI Cyber's Most Wanted List for almost a decade.
Mr. Penchukov's sentencing is scheduled for May 9. He faces 20 years in prison for each charge.