A Ukrainian man pleaded responsible in federal courtroom on Thursday to his management position in two cyberattack schemes that precipitated tens of tens of millions of {dollars} in losses and briefly crippled a Vermont hospital in 2020, in keeping with the Justice Department.
Prosecutors stated that Vyacheslav Igorevich Penchukov, 37, was a pacesetter for a company that in May 2009 started to contaminate hundreds of computer systems at companies with malicious software program, and that he helped lead a separate malware scheme that started round November 2018.
Mr. Penchukov, of Donetsk, pleaded responsible in the U.S. District Court in Nebraska to 1 rely of conspiracy to commit an offense that violated the Racketeer Influenced and Corrupt Organizations Act and one rely of conspiracy to commit wire fraud. He was arrested in Switzerland in 2022 and was extradited to the United States in 2023. A lawyer for Mr. Penchukov couldn’t be discovered as a result of the courtroom file was sealed.
The Justice Department stated that Mr. Penchukov helped lead “a wide-ranging racketeering enterprise and conspiracy” that put in malicious software program often called Zeus onto hundreds of enterprise computer systems, beginning in 2009. The malware allowed the enterprise to gather info used to log into on-line banking accounts, together with passwords and private identification numbers.
Mr. Penchukov and different members of the group then portrayed themselves as staff of the companies who had been licensed to switch cash from the accounts they focused, inflicting tens of millions of {dollars} in losses, in keeping with the Justice Department.
The cash was deposited into the accounts of residents of the United States and different nations who had been often called “money mules,” and people folks then despatched it to abroad accounts that had been run by Mr. Penchukov and different members of the group, in keeping with the Justice Department.
Mr. Penchukov had been charged for these offenses in 2012 whereas he was nonetheless at massive, in keeping with an indictment that was unsealed in 2014.
On Thursday, Mr. Penchukov additionally pleaded responsible to his management position in the separate malware scheme that ran from no less than November 2018 to February 2021, in keeping with federal prosecutors.
The malware, often called IcedID or Bokbot, was put in on computer systems to gather private info from victims, together with checking account credentials, and the information was used to steal from them, in keeping with the Justice Department. IcedID additionally allowed the cybercriminals to put in extra malware on contaminated computer systems, together with ransomware, which is used to lock digital info till the sufferer pays for its launch.
The targets of those ransomware assaults included the University of Vermont Medical Center, which misplaced greater than $30 million, in keeping with the Justice Department. A 2020 assault on the hospital additionally “left the medical center unable to provide many critical patient services for over two weeks, creating a risk of death or serious bodily injury to patients,” the Justice Department stated.
Workers on the University of Vermont Medical Center advised The New York Times in November 2020 that the assault had compelled the hospital to ship away lots of of most cancers sufferers and required employees to look by means of written data to seek out essential info.
In September 2023, the medical heart’s president, Dr. Stephen Leffler, testified in the House of Representatives, and stated that the hospital didn’t have entry to digital medical data for 28 days due to the assault.
“We didn’t have internet,” Dr. Leffler stated. “We didn’t have phones. It impacted radiology imaging, laboratory results.”
The hospital stated in an announcement that it was “proud of our team’s work to provide the best possible care while the investigation and restoration were underway.”
Mr. Penchukov was often known as Vyacheslav Igoravich Andreev and Tank, a web-based nickname, in keeping with the Justice Department. He had been on the F.B.I.’s Cyber’s Most Wanted List for almost a decade.
Mr. Penchukov’s sentencing is scheduled for May 9. He faces as much as 20 years in jail for every rely.