A man from Ukraine has admitted to carrying out a cyberattack that caused a temporary disruption at a prominent hospital in Vermont.
LINCOLN, Neb. (AP) —
According to the U.S. Department of Justice, a man from Ukraine has admitted to participating in two different malware plots, including a cyberattack on the University of Vermont Medical Center in 2020. This attack caused essential services to be shut down temporarily and resulted in the loss of tens of millions of dollars for the medical center.
Vyacheslav Igorevich Penchukov, also referred to as Vyacheslav Igoravich Andreev, admitted guilt on Thursday in a federal court in Nebraska for one charge of participating in a conspiracy to violate U.S. anti-racketeering laws and one charge of conspiring to commit wire fraud.
The lawyer representing Penchukov’s case remains unknown on Friday due to the sealed records.
According to federal prosecutors, Penchukov was charged with being a key member of a criminal organization and plotting to install harmful software on numerous business computers in May 2009. Additionally, he was accused of continuing this scheme by introducing new malware into computers from November 2018 until February 2021.
According to the Justice Department, this enabled other questionable software, such as ransonware, to enter compromised computers. This was the case at the University of Vermont Medical Center in October 2020.
In 2021, a representative from the hospital stated that the attack resulted in an approximate loss of $50 million, mainly from lost earnings. However, the Department of Justice calculated the losses to be around $30 million.
According to a statement from the Justice Department, the medical center was incapacitated for more than two weeks due to the attack, resulting in a potential threat to patients’ lives and well-being as crucial medical services were unavailable.
The cybercriminals were accused of utilizing harmful software to obtain sensitive account information, including passwords and personal identification numbers, that allowed them to access online banking accounts.
According to the U.S. Department of Justice, the individuals claimed to be victims’ employees and tricked banks into allowing transfers from the accounts, leading to significant financial losses totaling millions of dollars.
In 2022, Penchukov was apprehended in Switzerland and extradited to the United States after being listed as a top cyber criminal on the FBI’s most-wanted list.
He could potentially receive a maximum sentence of 20 years in prison for each count when he is sentenced on May 9.