Vyacheslav Penchukov, better known in hacking circles as “Tank”, has spoken publicly for the first time about his years at the centre of large-scale cyber-crime operations. The account, given during lengthy interviews at a Colorado prison, traces how a career that began with bank fraud evolved into participation in high-value ransomware attacks that affected companies, hospitals and small businesses around the world.
Penchukov grew up in Donetsk, Ukraine, and says his entry into hacking began with online gaming communities where users exchanged cheats and tools. He rose to prominence as a leader of the so-called Jabber Zeus group, which used Zeus malware and Jabber communications to siphon funds from business and personal bank accounts worldwide.
The Jabber Zeus operation targeted a range of victims, including small firms, local authorities and charities. In the UK alone, more than 600 businesses were recorded as victims during one three-month period, with losses exceeding £4m. Penchukov later moved on to activities that authorities say were linked to global ransomware campaigns.
Penchukov was arrested in Switzerland in 2022 after more than a decade of evading international law enforcement. He is currently serving concurrent nine-year sentences at Englewood Correctional Facility in Colorado and has been ordered to pay $54m in restitution to victims.
Penchukov described the moment of arrest in his own words: “There were snipers on the roof and the police put me on the ground and handcuffed me and put a bag on my head on the street in front of my kids. They were scared,” he said, expressing annoyance at how the operation was carried out.
At the prison, he presented as engaged in education and recreation, saying he plays sport and is learning languages. When asked if he was surprised by his circumstances, he joked: “Not smart enough – I’m in prison,” while also commenting on his social approach: “I am a friendly guy, I make friends easily,”
Penchukov’s narrative describes a shift in criminal methods over time. In the late 2000s, malware such as Zeus enabled targeted theft from bank accounts. By the late 2010s and into the 2020s, he says the focus moved toward ransomware, with larger payouts and attacks on corporate networks and critical services.
He recounted how reports of big ransom payments encouraged other hackers to pursue medical and institutional targets. “People don’t care about the medical side of things – all they see is 20 millions being paid,” he said, describing a “herd mentality” on criminal forums.
Penchukov has been linked to a variety of criminal networks. He describes associations with crews responsible for distributing banking malware and with affiliates that worked with prominent ransomware families, including Maze, Egregor and Conti. He also became involved with IcedID, an operation that security researchers say infected hundreds of thousands of devices.
Some of his former collaborators have been sanctioned or sought by Western authorities. Penchukov says he worked alongside individuals such as Maksim Yakubets, who has been sanctioned by the US government and added to the FBI’s Most Wanted list. He described a change in how other hackers treated Yakubets after those developments.
When asked whether ransomware gangs had links to Russian security services, Penchukov replied simply: “Of course.” He added that some members referenced communicating with “their handlers” in agencies such as the FSB.
Investigative and law enforcement agencies in several countries have pursued members of these networks; the UK’s National Crime Agency has publicly accused associates of involvement in long-running criminal activity and has targeted people it says were linked to those groups.
Individuals and small businesses describe severe consequences after attacks connected to the groups Penchukov spoke about. One small US company, Lieber’s Luggage of Albuquerque, had $12,000 taken in a single incident. Owner Leslee described the moment they learned what had happened: “It was just disbelief and horror when the bank called because we had no idea what had happened, and the bank clearly didn’t have any idea,”
Her husband added their feelings after the theft: “There’s nothing that we could say that would affect him,” and “I wouldn’t give him the time of day,” reflecting the frustration and sense of helplessness many victims report.
US prosecutors have attributed several major disruptions to networks that Penchukov has acknowledged being connected with, including a 2020 attack on the University of Vermont Medical Center that they say caused more than $30m in losses and disabled thousands of hospital computers. Penchukov denies personally conducting that attack and has said he only admitted involvement to obtain a lighter sentence.
He is serving prison time under a name he says he has changed to Andreev and faces large restitution orders. Reflecting on his sentence, he has argued the penalties are too severe and has said he hopes for early release.
Penchukov offered candid observations about the subculture of cyber-crime and the reliability of associates. “You can’t make friends in cyber-crime, because the next day, your friends will be arrested and they will become an informant,” he said. “Paranoia is a constant friend of hackers,” he added, noting that prolonged involvement in criminal schemes can erode operational caution: “If you do cyber-crime long enough you lose your edge,”
His story traces the technological and organisational shifts that turned mostly covert bank fraud into a highly lucrative ransomware economy with wide-reaching consequences — and provides a firsthand perspective on how some of the gangs responsible for that change operated and interacted with each other.
Read more on The Global Herald
