Vyacheslav Penchukov, known in the cyber-crime world as "Tank," is a notorious figure whose story sheds light on the evolution of global cyber-crime over the past two decades. After spending nearly a decade on the FBI’s Most Wanted list, Penchukov was finally arrested in 2022 in a dramatic operation in Switzerland. His criminal career spans two distinct eras of cyber-crime, and his experience offers rare insight into the mindset and inner workings of high-level cyber-gangs. Recently, Penchukov gave his first-ever in-depth interview, revealing details about his activities, his associates, and the broader cyber-crime landscape.
Penchukov’s rise to the top of the cyber-underworld was not due to exceptional technical skill but rather his criminal charisma and ability to build relationships. The 39-year-old Ukrainian describes himself as “a friendly guy” who makes friends easily—an attribute he credits with helping him evade capture for so long. He led two significant gangs during his criminal career, including the infamous Jabber Zeus crew in the late 2000s and later ransomware groups between 2018 and 2022.
His criminal journey began in his hometown of Donetsk, Ukraine, where he first got involved with hacking through online gaming cheat forums. He sought cheats for popular games like FIFA 99 and Counterstrike, but soon gravitated toward more lucrative criminal ventures. Penchukov became the leader of the Jabber Zeus crew, named after their use of the Zeus malware and the Jabber messaging platform for communication. This group innovated cyber-crime by stealing directly from bank accounts belonging to small businesses, local authorities, and charities worldwide. In the UK alone, more than 600 victims lost over £4 million ($5.2 million) in just three months due to their actions.
Operating out of a small office in Donetsk, Penchukov and his crew worked six to seven hours a day, siphoning money from victims overseas. Despite their criminal activities, Penchukov lived a flashy lifestyle, buying expensive German cars and even moonlighting as a DJ under the name DJ Slava Rich. At that time, cyber-crime was "easy money" since banks and law enforcement were ill-equipped to combat such sophisticated attacks.
However, the gang’s downfall began when law enforcement managed to intercept their Jabber chats and uncover Penchukov’s identity through personal details he had carelessly shared. The FBI launched Operation Trident Breach, leading to arrests in Ukraine and the UK. Penchukov narrowly escaped capture thanks to a tip-off and his powerful Audi S8, which he used to evade police after a high-speed chase. He then went underground, staying out of trouble and even starting a legitimate coal trading business, though he remained on the FBI’s Most Wanted list.
Despite his hopes of leaving crime behind, Penchukov found himself drawn back into cyber-crime following Russia’s annexation of Crimea in 2014. The invasion disrupted his business and forced him to pay bribes to Ukrainian officials, draining his resources. Faced with financial pressure and instability, he returned to hacking, this time focusing on ransomware attacks targeting international corporations and institutions, including hospitals.
Ransomware, unlike earlier cyber-thefts, involves hackers encrypting victims’ data and demanding large payments to restore access. Penchukov became a top affiliate of major ransomware services like Maze, Egregor, and Conti. He recalls how news of a hospital paying $20 million in ransom sparked a "herd mentality" among hackers, who then targeted other US medical institutions hoping for similar paydays. This shift signaled the growing scale and impact of cyber-crime, with ransomware attacks causing severe disruption beyond financial losses.
Penchukov also revealed that some ransomware gangs maintained connections with Russian security services, such as the FSB. Members would sometimes refer to their “handlers,” suggesting a complex relationship between criminal groups and state actors. Western governments have frequently accused Russia of tolerating or even supporting cyber criminals to advance geopolitical interests, though official Russian responses have been silent.
Later in his career, Penchukov led the IcedID gang, responsible for infecting over 150,000 computers worldwide with malicious software. This group engaged in various cyber-attacks, including ransomware. One notable victim was the University of Vermont Medical Center, which suffered a ransomware attack in 2020 that disrupted critical patient services