When you check your bank balance over morning coffee, you probably do not picture a former DJ from eastern Ukraine helping himself to the numbers on your screen. Yet that is exactly the kind of damage tied to Vyacheslav Igorevich Penchukov, the hacker long known online as “Tank.”
After nearly a decade on the cyber most wanted list of the FBI, Penchukov is now sitting in a low-security prison in Colorado. From there, he has given his first long interview, describing how modern cyber gangs really work and why they keep coming back to the same targets.
His account lines up with court records that show he helped lead two major malware operations, Zeus and IcedID, that stole tens of millions of dollars and even knocked a hospital offline.
In February 2024 he pleaded guilty in US federal court to racketeering and wire fraud tied to those schemes. Prosecutors say his crews infected thousands of business computers, raided online bank accounts, and turned access to compromised systems into a commodity that other criminals could rent.
A Nebraska judge later handed him two concurrent nine year prison terms and ordered more than $73 million in restitution, according to court records reported by several outlets.
From game cheats to global bank raids
Penchukov did not start with grand plans of bringing down hospitals. In his telling, he was a teenager looking for cheats for FIFA and Counter Strike on early internet forums, then drifted into more serious hacking.
That path led to Jabber Zeus, a crew that used the Zeus banking trojan and instant messaging to watch live as victims logged into online accounts.
Their favorite marks were not giant Wall Street banks. They went after small companies, local governments, and charities that kept working balances in business accounts. In the United Kingdom alone, one campaign linked to the group hit more than six hundred victims and drained over £4 million in about three months, according to reporting based on law enforcement figures.
For the hackers it felt like quick money. For shop owners trying to make payroll, it was a nightmare they did not even have words for at the time.
Life on the run
The FBI eventually cracked Jabber Zeus by seizing chat logs and correlating a casual message where “Tank” bragged about his newborn daughter with Ukrainian birth records. That detail, almost domestic in its banality, helped unmask one of the world’s most wanted cybercriminals.
A global operation called Trident Breach led to dozens of arrests, but Penchukov slipped away after a tip and a fast Audi. For years he lived in Donetsk, then Crimea, running a coal business and telling himself that as long as he stayed inside Ukraine or Russia, American law enforcement could not touch him.
All the while his name sat on wanted posters and sanctions lists, a reminder that investigations were still quietly moving.
Ransomware and the hospital that could not treat patients
Business troubles and what he describes as constant shakedowns by corrupt officials pulled him back to the keyboard. This time the focus was ransomware. Instead of simply stealing from bank accounts, he moved into an ecosystem where criminals lock entire networks and demand payment to restore access.
According to US court documents and security analysts, Penchukov rose again, this time as a leader in the IcedID operation. That malware stole banking credentials and also gave access to more than 150,000 infected computers worldwide, which could then be used to stage ransomware attacks.
One of those attacks hit the University of Vermont Medical Center in 2020. Systems across the hospital went dark. Roughly 5,000 computers and 1,300 servers were encrypted, forcing staff back to paper and delaying treatment.
The Justice Department says the incident caused more than $30 million in losses and left the hospital unable to provide many critical services for over two weeks, creating a risk of serious harm to patients.
If you have ever sat in a waiting room worried about a loved one, it is not hard to imagine what that kind of outage feels like on the ground. Missed test results. Canceled surgeries. Extra days in limbo.
“How much do the hackers care about any of that?” Penchukov told the BBC’s Spanish language service that many forum users behave with a herd mentality, chasing rumors of $20 million payouts from hospitals and ignoring the human cost.
Hints of state protection
In the same interview, he suggested that some ransomware crews have “contacts” in Russian security services, mentioning agencies such as the FSB. Western officials have long suspected links between groups like Evil Corp and Russian intelligence, although Moscow has repeatedly denied directing criminal hackers.
If his description is accurate, cybercrime is not just a side hustle for a few gifted coders. It becomes a semi-tolerated export industry that can raise money and cause trouble abroad while criminals stay relatively safe at home.
What this means for everyone else
For the most part, Penchukov’s story confirms what investigators have been warning for years. Cyber gangs run like mid-sized businesses.
They specialize, hire, outsource, and follow the money. Malware such as IcedID and Zeus does not only drain individual accounts. US officials say this type of software bleeds billions from the wider economy and threatens critical infrastructure.
That is why basics matter. Multifactor authentication on business banking, strict controls on remote access, regular offline backups, and realistic incident drills are boring compared with tales of high speed chases in luxury cars.
Yet they are exactly the habits that make a company or hospital a less appealing target. Health sector experts point out that when hospitals invest in these defenses, attacks are still painful but far less likely to shut down care completely.
None of this erases what happened to the people and organizations his crews hit. Small firms who woke up to empty accounts. Charity workers who had to tell staff there was no money for salaries. Medical teams who suddenly lost access to digital charts in the middle of a shift.
Penchukov now spends his days studying languages and working out behind prison walls, according to the BBC interview. He shows little public remorse beyond one attack on a children’s charity, and he insists that he thought Western victims could afford their losses. To a large extent, that attitude is the real warning for the rest of us.
As long as criminals view online theft as “easy money” and believe that insurers or governments will quietly clean up the mess, the incentive to stop will remain weak.
The official statement on Penchukov’s guilty plea was published by the U.S. Department of Justice.
