
A suspected member of the notorious Ryuk ransomware operation has pleaded guilty in a US federal court after being extradited from Ukraine.
Karen Serobovich Vardanyan, a 34-year-old Armenian national, admitted to participating in a conspiracy that targeted companies across the United States between late 2019 and early 2020.
The attacks allegedly led to more than $15 million in ransom payments from victims.
According to the US Department of Justice, Vardanyan pleaded guilty to conspiracy and computer fraud for helping compromise corporate networks that were later encrypted with Ryuk ransomware.
Investigators say he and his co-conspirators obtained unauthorized access to victim organizations before deploying ransomware and demanding payment in exchange for restoring access to critical systems. The attacks took place between November 2019 and April 2020 while Ryuk was among the world's most active ransomware operations.
According to the DOJ:
Between November 2019 through April 2020, Vardanyan illegally accessed computer networks of victim companies to deploy Ryuk ransomware on compromised servers and workstations.
As part of the scheme, ransom payments were extorted from victim companies in exchange for decryption keys to regain access to their data. A ransom note was placed on the computer systems demanding ransom payments in Bitcoin, a form of cryptocurrency, and provided an email address that victims could use to communicate with the cybercriminals.
Vardanyan worked with his co-conspirators to attack a company in Michigan that paid 200 bitcoin or over $1.1 million at the time of payment to restore access to their network.
Vardanyan and his co-conspirators are alleged to have received approximately 1,610 bitcoins in ransom payments from the victim companies, which was valued at over $15 million at the time of payment.
US authorities said Vardanyan was arrested in Kyiv in 2025, extradited to the United States, and entered his guilty plea in federal court in Portland, Oregon. Sentencing is scheduled for later this year, where he faces a maximum prison sentence of 15 years. He has also agreed to pay nearly $1.2 million in restitution to victims.
The investigation involved the FBI alongside Europol, authorities in Ukraine and France, and other international partners. The case follows a series of arrests, extraditions, infrastructure seizures, and sanctions targeting ransomware groups over the past several years.
While these actions have disrupted many established gangs, ransomware remains one of the most profitable forms of cybercrime, with new groups emerging as older operations are dismantled or rebrand under different names.
Although Ryuk has largely disappeared from today's ransomware landscape, its influence is still felt.
The malware, active between 2018 and 2021, became notorious for targeting hospitals, municipalities, manufacturers, schools, and large enterprises. Rather than relying on mass phishing campaigns alone, Ryuk operators often spent days or weeks inside victim networks, stealing credentials, moving laterally, and identifying the systems whose encryption would cause the greatest disruption.
Security researchers have long associated Ryuk with sophisticated cybercriminal groups operating from Eastern Europe. Many attacks were believed to begin with malware such as TrickBot or Emotet, which provided the initial foothold inside corporate environments.
The campaign helped shape what has since become the standard ransomware playbook:
No single security measure can completely eliminate ransomware risk, but organizations can significantly reduce their exposure by:
If you run a small or medium-sized business, thoroughly review your cybersecurity posture to prevent a breach at the hand of professional hacking groups. For some businesses, a ransomware attack can inflict losses that far outweigh the investment in a strong cybersecurity posture.
Bitdefender strongly recommends deploying a dedicated security solution to stem the chances of a successful attack.
Bitdefender Ultimate Small Business Security is an extended version of our consumer-friendly security suite, designed specifically for small and medium-sized firms. It includes malware detection, ransomware prevention, email protection, account breach protection, scam protection, and VPN. It can be administered by anyone in your organization, thanks to a natural, intuitive dashboard designed for use even by non-techies.
You may also want to read:
New Jersey neurology practice fined $25,000 over ransomware incident
How scammers stole $20 million by hacking emails of real estate agents
tags
Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.
View all posts