Ukrainian faces decades in prison for leading prolific malware campaigns


A Ukrainian national has pleaded guilty to running two prolific malware programs and faces up to 40 years in prison.

The US Department of Justice (DoJ) said Vyacheslav Igorevich Penchukov was behind the Zeus and IcedID malware campaigns, which resulted in tens of millions of dollars in losses at thousands of organizations.

The University of Vermont Medical Center was a victim of one of Penchukov’s campaigns in 2020. The ransomware attack prevented the center from providing many essential services to patients for more than two weeks and resulted in losses of more than $30 million.

Penchukov was arrested in Geneva, Switzerland, in October 2022 after nearly a decade on the FBI’s most wanted list of cybercriminals. He was extradited to the United States in 2023.

How the Malware Campaigns Worked

The Zeus malware campaign began in May 2009, led by Penchukov and his co-conspirators, and quickly became the weapon of choice for criminals targeting financial institutions and their online customers.

The group would install the malware on victims’ computers, allowing them to capture bank account information, passwords, personal identification numbers, and other information needed to log into online banking accounts.

Penchukov and his associates then falsely represented to the banks that they were employees of the victim and authorized to transfer funds from their bank accounts. This led to banks making unauthorized fund transfers from these accounts.

The group used numerous “money mules” to receive funds wired from victims’ bank accounts into the mules’ own bank accounts. These mules would then withdraw the funds and transfer them abroad to accounts controlled by Penchukov’s co-conspirators.

Two members of the Zeus group pleaded guilty for their role in the November 2014 campaign and were sentenced to two years and 10 months in prison.

After being added to the FBI’s Most Wanted cybercriminals list, Penchukov launched a new cybercriminal campaign using IcedID malware, which began in at least November 2018.

IcedID allowed Penchukov and his co-conspirators to collect and transmit personal information about victims, including bank account credentials.

This malware also allowed access to computers infected with other forms of malware, including ransomware, which the University of Vermont Medical Center fell victim to.

Zeus and IcedID malware have been used by various cybercrime groups and infect victims via a range of techniques, including phishing emails.

Severe penalties for cybercriminals

Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division said: “Vyacheslav Igorevich Penchukov was the leader of two prolific malware groups that infected thousands of computers with malicious software. These criminal groups stole millions of dollars from their victims and even attacked a major hospital with ransomware, leaving it unable to provide intensive care to patients for more than two weeks.”

Argentieri added: “Today’s guilty pleas should serve as a clear warning that the Justice Department will never stop pursuing cybercriminals.”

Penchukov will be sentenced on May 9, 2024 and faces a maximum sentence of 20 years in prison on each count.

The United States has recently imposed heavy penalties on prosecuted cybercriminals. In January 2024, the DoJ announced that 19 people involved in the management and use of the defunct xDedic cybercrime marketplace were sentenced to heavy prison terms.

In September 2023, a Russian businessman was sentenced to nine years in prison for an elaborate corporate hacking scheme that defrauded U.S. businesses out of approximately $93 million.
