A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems.
Karen Serobovich Vardanyan was extradited to the United States after being arrested in Kyiv in April 2025 for providing initial access to corporate networks.
According to court documents, Vardanyan helped deploy Ryuk ransomware on the networks of multiple U.S. organizations between November 2019 and April 2020 after illegally accessing their systems.
In one attack, Vardanyan and his co-conspirators breached a Michigan company that paid 200 BTC (worth more than $1.1 million at the time). Two other attacks the prosecutors noted include a technology company in Wilsonville, Oregon, and a school in Texas.
“Vardanyan and his co-conspirators illegally accessed computer networks of victim companies and deployed ransomware on hundreds of compromised servers and workstations,” the U.S. Department of Justice says.
The DoJ says that Vardanyan and his co-conspirators received about 1,610 bitcoins in ransom payments, valued at around $15 million at the time.
The Ryuk ransomware operation was active from 2018 until mid-2020, carrying out high-profile attacks against organizations across nearly every sector, including healthcare providers during the COVID-19 pandemic.
It is estimated that at its peak, the Ryuk ransomware gang hacked around 20 organizations every week and made more than $150 million.
Following its shutdown in 2020, many of its members transitioned to the Conti ransomware operation, which quickly became one of the most prolific hacker groups.
Conti disbanded in 2022 after its internal chats and source code were leaked, with its members splintering into numerous cybercrime groups, some of which remain active today.
... continue reading