Malware, Ransomware

FBI Most Wanted cybergang boss pleads guilty

A Ukrainian national who helped run the notorious JabberZeus and IcedID malware gangs, and spent almost a decade on the FBI’s Cyber Most Wanted fugitives list, has pleaded guilty in U.S. federal court to racketeering and wire fraud charges.

Vyacheslav Igorevich Penchukov held leadership roles in the two gangs between 2009 and 2021, during which time they were responsible for infecting thousands of computers, costing victims tens of millions of dollars, prosecutors alleged.

IcedID was responsible for a 2020 ransomware attack on the University of Vermont Medical Center which cost the facility over $30 million and left it “unable to provide many critical patient services for over two weeks, creating a risk of death or serious bodily injury to patients,” the Justice Department said in a statement.

Known online as “Tank” and “Father”, 37-year-old Penchukov was arrested in Switzerland in 2022 and extradited to the U.S. last year.

Gang used Zeus banking trojan to steal millions

Zeus was one of the leading banking trojans from 2009 until 2014 when one of several variants, Gameover Zeus, was taken down by authorities.

According to court documents, the JabberZeus gang used the malware to capture bank account information and online banking credentials.

“Penchukov and his co-conspirators then falsely represented to banks that they were employees of the victims and authorized to make transfers of funds from the victims’ bank accounts, causing the banks to make unauthorized transfers of funds from the victims’ accounts, resulting in millions of dollars in losses to the victims,” the Justice Department statement said.

“The enterprise used residents of the United States and elsewhere as ‘money mules’ to receive wired funds from victims’ bank accounts into their own bank accounts, who then withdrew and wired funds overseas to accounts controlled by Penchukov’s co-conspirators.”

U.S. authorities first charged Penchukov with offenses related to his role in the JabberZeus gang in 2012, when he was still at large, although the indictment was not unsealed until 2014.

Switch to IcedID included move to ransomware

Despite being added to the FBI’s Cyber Most Wanted list around that time, the Justice Department said Penchukov moved on to help lead the gang running what was then a new banking trojan malware, IcedID (also known as Bokbot).

He was active with the IcedID gang from at least November 2018 through February 2021. During that time, as well as stealing from victims by harvesting banking credentials, Penchukov and his colleagues used the malware’s ransomware capabilities to attack victims, including the University of Vermont Medical Center.

Penchukov appeared in court in Lincoln, Nebraska, on Feb. 15 where he pleaded guilty to one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense relating to his role in the JabberZeus gang. He also pleaded guilty to one count of conspiracy to commit wire fraud in relation to his role in the IcedID group.

Penchukov is due to be sentenced on May 9 and faces a maximum penalty of 20 years in prison for each count. “Core to the FBI’s cyber strategy is our willingness to play the long game and take players off the field. Vyacheslav Penchukov was a prolific criminal for over a decade and his criminal activities caused millions in damages,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

Simon Hendery

Simon Hendery is a freelance IT consultant specializing in security, compliance, and enterprise workflows. With a background in technology journalism and marketing, he is a passionate storyteller who loves researching and sharing the latest industry developments.
