LINCOLN, Neb.– LINCOLN, Neb. (AP) —
A Ukrainian man has pleaded guilty to involvement in two separate malware schemes, including a cyberattack on the University of Vermont Medical Center in 2020 that temporarily shut down some of its vital services and cost tens of millions of dollars, the US department said of Justice. .
Vyacheslav Igorevich Penchukov, also known as Vyacheslav Igoravich Andreev, 37, pleaded guilty Thursday in federal court in Nebraska to one count of conspiracy to violate the U.S. Anti-Racketeering Act and one count of conspiracy to commit fraud.
The files in the case are sealed, so the name of Penchukov’s lawyer was not immediately known Friday.
Penchukov was accused of helping lead a racketeering enterprise and conspiracy that infected thousands of corporate computers with malicious software beginning in May 2009, and later led a conspiracy that infected computers with new malware from at least November 2018 through February 2021, according to federal prosecutors.
This allowed other suspicious software, such as ransomware, to gain access to infected computers, which happened in October 2020 at the University of Vermont Medical Center, the Justice Department said.
A hospital official said in 2021 that the attack cost it an estimated $50 million, mostly in lost revenue, while the Justice Department estimated losses at $30 million.
The attack “left the medical center unable to provide many critical patient services for more than two weeks, creating a risk of death or serious bodily harm to patients,” the Justice Department said in a statement.
According to prosecutors, the cybercriminals also used malicious software to obtain account information, passwords, personal identification numbers and other information needed to log into online banking accounts.
They then falsely represented to the banks that they were employees of the victims and authorized wire transfers from the accounts, resulting in millions of dollars in losses, the U.S. Department of Justice said.
Penchukov was a fugitive on the FBI’s Cyber Most Wanted list before being arrested in Switzerland in 2022 and extradited to the United States the following year.
He faces 20 years in prison on each charge when he is sentenced May 9.