A 34-year-old Armenian man has pleaded responsible to hacking a US firm and deploying the notorious Ryuk ransomware to encrypt its programs.
Karen Serovovich Vardanyan was arrested in Kiev in April 2025 for offering preliminary entry to company networks after which extradited to the USA.
In response to court docket paperwork, Vardanyan illegally accessed the programs of a number of U.S. organizations between November 2019 and April 2020 earlier than serving to deploy Ryuk ransomware on their networks.
In a single assault, Vardanian and his co-conspirators infiltrated a Michigan firm and paid out 200 BTC, value greater than $1.1 million on the time. Two different assaults cited by prosecutors included a expertise firm in Wilsonville, Oregon, and a faculty in Texas.
“Vardanian and his co-conspirators illegally accessed the sufferer firms’ pc networks and deployed ransomware to a whole lot of compromised servers and workstations,” the U.S. Division of Justice mentioned.
The Justice Division says Vardanian and his co-conspirators acquired roughly 1,610 bitcoins in ransom, value about $15 million on the time.
Ryuk ransomware was lively from 2018 till mid-2020, finishing up large-scale assaults towards organizations in almost each sector, together with healthcare suppliers, throughout the COVID-19 pandemic.
At its peak, the Ryuk ransomware gang was estimated to have hacked round 20 organizations every week, making greater than $150 million.
After its closure in 2020, lots of its members transitioned to the Conti ransomware operation, shortly changing into some of the prolific hacker teams.
Conti disbanded in 2022 after inner chats and supply code had been leaked. Its members have cut up into quite a few cybercrime teams, a few of that are nonetheless lively at this time.
Mr. Vardanyan was indicted by a federal grand jury in Portland in February 2024 and is at present scheduled to be sentenced in September 2026.
The ransomware operator faces as much as 15 years in jail and a $250,000 nice on every of the 2 separate fees.
As a part of his plea settlement, Vardanyan agreed to pay greater than $1.1 million in restitution.

Safety groups doc 54% of profitable assaults and situation a warning on solely 14%. The remainder strikes invisibly via the setting.
Picus’ whitepaper reveals how one can check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
