Jailed hacking kingpin tells how his gang stole millions

Nov 10, 2025 - 09:02

A hacking kingpin reveals all: Inside the gang that left a trail of destruction

Joe Tidy, Cyber correspondent, Colorado
BBC
Vyacheslav Penchukov, aka "Tank", left thousands of victims across the world

After years of reading about "Tank" and months of planning a visit to him in a Colorado prison, I hear the door click open before I see him walk into the room.

I stand up ready to give this former cyber-crime kingpin a professional hello. But, like a cheeky cartoon character, he pokes his head around a pillar with a giant grin on his face and winks.

Tank, whose real name is Vyacheslav Penchukov, climbed to the top of the cyber-underworld not so much with technical wizardry, but with criminal charm.

"I am a friendly guy, I make friends easily," the 39-year-old Ukrainian says, with a broad smile.

Having friends in high places is said to be one of the reasons Penchukov managed to evade police for so long. He spent nearly 10 years on the FBI's Most Wanted list and was a leader of two separate gangs in two distinct periods of cyber-crime history.

It is rare to speak to such a high-level cyber-criminal who has left so many victims behind him; Penchukov spoke to us for six hours over two days as part of the ongoing podcast series Cyber Hack: Evil Corp.

The exclusive interview - Penchukov's first ever - reveals the inner workings of these prolific cyber-gangs, the mindset of some of the individuals behind them and never-before-known details about hackers still at large - including the alleged leader of the sanctioned Russian group, Evil Corp.

It took more than 15 years for authorities to finally arrest Penchukov in a dramatic operation in Switzerland in 2022.

"There were snipers on the roof and the police put me on the ground and handcuffed me and put a bag on my head on the street in front of my kids. They were scared," he recalls with annoyance.

He is still bitter about how he was arrested, arguing that it was over the top. His thousands of victims around the world would strongly disagree with him: Penchukov and the gangs he either led or was a part of stole tens of millions of pounds from them.

In the late 2000s, he and the infamous Jabber Zeus crew used revolutionary cyber-crime tech to steal directly from the bank accounts of small businesses, local authorities and even charities. Victims saw their savings wiped out and balance sheets upended. In the UK alone, there were more than 600 victims, who lost more than £4m ($5.2m) in just three months.

Between 2018 and 2022, Penchukov set his sights higher, joining the thriving ransomware ecosystem with gangs that targeted international corporations and even a hospital.

Englewood Correctional Facility, where Penchukov is being held, would not let us take any recording equipment inside the prison, so a producer and I make notes during the interview as we are watched over by a guard nearby.

Correspondent Joe Tidy outside Englewood Correctional Facility in Colorado

The first thing that stands out about Penchukov is that, although he is eager to be released, he seems in high spirits and is clearly making the most of his time in prison. He tells me he plays a lot of sport, is learning French and English - a well-thumbed Russian-English dictionary stays by his side throughout our interview - and is racking up high-school diplomas. He must be smart, I suggest. "Not smart enough - I'm in prison," he jokes.

Englewood is a low-security prison with good facilities. The low-rise but sprawling building sits in the foothills of the Rocky Mountains in Colorado. The dusty grass verges surrounding the prison are teeming with noisy prairie dogs scurrying into their burrows whenever disturbed by prison vehicles coming and going.

It is a long way from Donetsk, Ukraine, where he ran his first cyber-crime gang after falling into hacking through games cheat forums, where he would look for cheats for his favourite video games like Fifa 99 and Counterstrike.

He became the leader of the prolific Jabber Zeus crew - so named because of their use of the revolutionary Zeus malware and their favourite communication platform, Jabber.

Penchukov worked with a small group of hackers that included Maksim Yakubets - a Russian who would go on to be sanctioned by the US government, accused of leading the infamous cyber-group Evil Corp.

Penchukov says that throughout the late 2000s, the Jabber Zeus crew would work out of an office in the centre of Donetsk, putting in six to seven-hour days stealing money from victims overseas. Penchukov would often end his day with a DJ set in the city, playing under the name DJ Slava Rich.

Cyber-crime in those days was "easy money", he says. The banks had no idea how to stop it and police in the US, Ukraine and the UK could not keep up.

After hacking by day, Penchukov performed as DJ Slava Rich by night

In his early 20s, he was making so much money he bought himself "new cars like they were new clothes". He had six in total - "all expensive German ones".

But police got a breakthrough when they managed to eavesdrop on the criminals' text chats in Jabber and discovered the true identity of Tank using details he had given away about the birth of his daughter.

The net closed in on the Jabber Zeus crew, and an FBI-led operation called Trident Beach saw arrests in Ukraine and the UK. But Penchukov slipped through the net thanks to a tip-off from someone he will not name. And thanks to one of his fast cars.

"I had an Audi S8 with a 500-horsepower Lamborghini engine so when I saw the cops flashing lights in my rear view mirror, I jumped the red light and lost them easily. It gave me a chance to test the full power of my car," he says.

He laid low with a friend for a while, but when the FBI left Ukraine, the local authorities seemed to lose interest in him.

So Penchukov kept under the radar and, he says, went straight. He started a company buying and selling coal, but the FBI was still on the trail.

"I was on holiday in Crimea when I got a message from a friend who saw that I had been put on the FBI Most Wanted list. I thought I had got away with it all - then I realised I have a new problem," he says, an obvious understatement.

FBI
Penchukov (R) was among the FBI's most wanted; his two co-conspirators have yet to be caught

His lawyer at the time was calm, though, and advised him not to worry: as long as he did not travel outside of Ukraine or Russia, US police could not do much.

The Ukrainian authorities did eventually come knocking - but not to arrest him.

Penchukov had been outed as a wealthy hacker wanted by the West and he alleges that almost every day, officials would come and shake him down for money.

His coal-selling business was going well until Russia's invasion of Crimea in 2014. President Putin's so-called "Little Green Men" - Russian soldiers in unmarked uniforms - ruined his business and missiles struck his apartment in Donetsk, damaging his daughter's bedroom.

Penchukov says that it was business troubles and the constant payouts to Ukrainian officials that led him to once again fire up his laptop and get back into the cyber-crime life.

"I just decided it was the fastest way to make money to pay them," he says.

His journey charts the evolution of modern cyber-crime - from quick and easy bank account theft to ransomware, today's most pernicious and damaging type of cyber-attack used in high-profile hacks this year, including on UK High Street stalwart Marks & Spencer.

He says ransomware was harder work but the money was good. "Cyber-security had improved a lot, but we were able to make about $200,000 a month. Much higher profits."

In a revealing anecdote, he remembers rumours that started about a crew being paid $20m (£15.3m) from a hospital that had been crippled by ransomware.

Penchukov says the news fired up the hundreds of hackers in the criminal forums who all then went after US medical institutions to repeat the pay day. These hacker communities have a "herd mentality", he says: "People don't care about the medical side of things - all they see is 20 millions being paid."

Penchukov's gang left many victims; one said they felt "disbelief and horror" at losing their money

Penchukov rebuilt his connections and skills to become one of the top affiliates of ransomware services, including Maze, Egregor and the prolific group Conti.

When asked if these criminal groups worked with Russian security services - a regular accusation from the West - Penchukov shrugs and says: "Of course." He says that some ransomware gang members sometimes talked about speaking to "their handlers" in the Russian security services, like the FSB.

The BBC wrote to the Russian Embassy in London, asking if the Russian government or its intelligence agencies engaged with cyber criminals to aid cyber espionage, but received no reply.

Penchukov soon rose to the top again and became a leader of IcedID - a gang that infected more than 150,000 computers with malicious software and led to various types of cyber-attack, including ransomware. Penchukov was in charge of a team of hackers who would sift through the infected computers to work out how best to make money from them.

One victim they infected with ransomware in 2020 was the University of Vermont Medical Center in the US. According to US prosecutors, this led to the loss of more than $30m (£23m) and left the medical centre unable to provide many critical patient services for more than two weeks.

Although no-one died, prosecutors say the attack, which disabled 5,000 hospital computers, created a risk of death or serious injury to patients. Penchukov denies he actually did it, claiming he only admitted to it in order to reduce his sentence.

Overall, Penchukov, who has since changed his surname to Andreev, feels the two nine-year sentences he is serving concurrently are too much for what he did (he is hoping to get out much sooner). He has also been ordered to pay $54m (£41.4m) in restitution to victims.

His view as a young hacker who started in cyber-crime as a teenager is that Western companies and people could afford to lose money and that everything was covered by insurance anyway.

But when I speak to one of his early victims from the Jabber Zeus days, it is clear his attacks did have a harmful impact on innocent people.

Lieber's Luggage, a family-run business in Albuquerque, New Mexico, had $12,000 (£9,200) stolen in one swipe by the gang. Owner Leslee still recalls the shock years later.

"It was just disbelief and horror when the bank called because we had no idea what had happened, and the bank clearly didn't have any idea," she says.

While a modest sum, it was devastating for the business, as the money was used for paying rent, buying merchandise and paying staff.

They did not have any savings to fall back on and, to make matters worse, Leslee's elderly mother was in charge of the company accounts and she blamed herself until the theft was uncovered.

"We had all of those feelings, the anger, the frustration, the fear," she says.

When I ask them what they would like to say to the hackers responsible, they think it is futile to try to change the minds of these callous criminals.

"There's nothing that we could say that would affect him," Leslee says.

"I wouldn't give him the time of day," her husband Frank adds.

Penchukov says he did not think about the victims, and he does not seem to do so much now, either. The only sign of remorse in our conversation was when he talked about a ransomware attack on a disabled children's charity.

His only real regret seems to be that he became too trusting with his fellow hackers, which ultimately led to him and many other criminals being caught.

"You can't make friends in cyber-crime, because the next day, your friends will be arrested and they will become an informant," he says.

"Paranoia is a constant friend of hackers," he says. But success leads to mistakes.

"If you do cyber-crime long enough you lose your edge," he says, wistfully.

FBI
Yakubets - known as 'Aqua' - was added to the FBI's Most Wanted list in 2019

As if to highlight the disloyal nature of the cyber underworld, Penchukov says he deliberately avoided any further contact with his one-time Jabber Zeus collaborator and friend Maksim Yakubets after the Russian was outed and sanctioned in 2019 by Western authorities.

Penchukov says that he noticed a distinct change in the hacker community as people shunned working with Yakubets and many of his alleged Evil Corp associates.

Previously Penchukov and "Aqua", as Yakubets was known, had hung out in Moscow drinking and eating in luxury restaurants. "He had bodyguards, which I thought was strange - almost like he wanted to show off his wealth or something," he says.

Being ostracised from the cyber crime world did not deter Evil Corp though and last year, the UK's National Crime Agency accused other members of the Yakubets family of being involved in the decade-long crime spree, sanctioning 16 members of the organisation in total.

But unlike Penchukov, the chances of police collaring him or others in the gang seem low. With a $5m bounty out for information leading to his arrest, Yakubets and his alleged co-conspirators are unlikely to repeat Penchukov's mistake of leaving their country.
