Vyacheslav Igorevich Penchukov, a Ukrainian hacker known as “Tank” has been sentenced to two concurrent 9-year prison terms by a U.S. federal court in Lincoln, Nebraska. for his role in a prolific cybercrime gang that stole tens of millions of dollars from small businesses.
The 38 year-old individual, pleaded guilty to two charges of conspiracy to participate in racketeering and conspiracy to commit wire fraud. Judge John M. Gerrard sentenced also ordered him to pay more than $73 million in restitution and forfeited funds for these crimes.
‘Tank’ and JabberZeus Crew
Penchukov admitted to leading the Jabber Zeus hacking group, which used sophisticated malware to steal bank account information from small U.S. and European businesses. The group’s operations, which began in 2009, resulted in tens of millions of dollars in losses.
The FBI had been pursuing Penchukov for over a decade, and his capture in Switzerland in 2022 brought an end to his criminal spree. While leading the Jabber Zeus hacking cew, ‘Tank’ used the Zeus malware to infect computers and steal bank account information.
He also organized the IcedID malware, which collected financial details and allowed ransomware to be deployed on systems. Investigators found a spreadsheet detailing the $19.9 million income IcedID made in 2021.
The University of Vermont Medical Center was among the prominent victims of the IcedID malware, losing of over $30 million in the attack and rendering many of the critical patient services within the the institute as unavailable for more than two weeks. Penchukov had been charged in association with the attack by the law enforcement of the Eastern District of North Carolina.
In response to the incident, U.S. Attorney Michael Easley for the Eastern District of North Carolina stated, “Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk.”
Last September, Dr. Stephen Leffler, President of the University of Vermont Medical Center had testified to the House of Representatives that the center was unable to access its own medical records for 28 days due to the incident.
Dr. Leffler stated, “We didn’t have internet.” He added. “We didn’t have phones. It impacted radiology imaging, laboratory results.” According to Dr. Leffler’s testimony, the medical center’s staff had rushed to purchase walkie-talkies to keep services running.
Penchukov appeared on the FBI’s most wanted cyber list for over a decade as the recognized leader of the cybercrime gang. Earlier, prosecutors had stated in court, “The defendant played a crucial role, a leadership role, in this scheme by directing and coordinating the exchange of stolen banking credentials and money mules.”
Jim Craig, a former FBI special agent who led the 2009 investigation into the Zeus cybercriminal group, expressed satisfaction with the outcome. Craig stated, “I never thought that we would ever see any of Jabber Zeus crew face justice in the U.S.”
Besides his involvement in cybercrime, Penchukov had also been identified as a popular DJ, who operated within Ukraine under the moniker of ‘DJ Slava Rich.’
Implications of Ruling
The prosecution of Penchukov represents a significant milestone in the fight against high-value cybercrime targets and the persistence of law enforcements against international jurisdictional challenges.
The Western law enforcement authorities are known to face challenges in prosecuting Eastern European cybercriminals, particularly those operating out of Russia or Ukraine, which do not have official extradition agreements with the US government.
Craig pointed out, “The significance of him being caught is important to show that law enforcement is not going to stop—wherever they go, there’s going to be a chance and opportunity for them to get caught.”
The case also raises questions about potential cooperation between Penchukov and authorities to aid ongoing cybercrime investigations, according to court documents both Penchukov’s own lawyer and the US government requested less severe sentences after he had pleaded guilty to two charges of conspiring to participate in racketeering and commitment of wire fraud.
Several charges were dropped against Penchukov following his signing of a plea agreement of which the details are publicly unknown.
