LATEST NEWS
SELECTED FOR YOU

Ryuk ransomware operator pleads guilty in $15M bitcoin extortion

ByRanda MosesRanda Moses
2 mins read
Ryuk ransomware operator pleads guilty in $15M bitcoin extortion.
  • Karen Serobovich Vardanyan pleaded guilty to conspiracy and computer fraud for his role in a Ryuk ransomware campaign that extorted more than $15 million in bitcoin from US companies.
  • Victims included a Michigan firm that paid 200 bitcoin, an Oregon technology company, and a Texas school.
  • Vardanyan agreed to pay more than $1.1 million in restitution as part of his plea.

According to federal prosecutors in Oregon, Karen Serobovich Vardanyan entered a guilty plea on July 8 to aiding in the operation of a Ryuk ransomware campaign that stole over $15 million in bitcoin from US businesses.

Extradited from Ukraine, Vardanyan is a 34-year-old Armenian national. This autumn, a judge sentences him. For both counts, he could spend up to 15 years behind bars.

Ryuk ransomware broke into corporate networks

According to the US Attorney’s Office for the District of Oregon, Vardanyan admitted to conspiracy and computer fraud. Every count has a maximum of its own. Conspiracy carries a five-year sentence; computer fraud carries a ten-year sentence. A $250,000 fine and three years of supervised release are also associated with each. In February 2024, he was charged with a third count of extortion by a federal grand jury in Portland. That one was not resolved by the plea.

According to the prosecution, the scheme operated from November 2019 to April 2020. After breaking into corporate networks, Vardanyan and his accomplices used Ryuk. Ryuk is a type of malware that locks down and encrypts a victim’s files until a ransom is paid. The group allegedly installed the software on hundreds of workstations and servers, according to investigators. It then left ransom notes, each requesting an email address and bitcoin so that victims could negotiate their way back into their own systems.

The DOJ stated in a press release on July 9 that “a ransom note was placed on the computer systems demanding ransom payments in Bitcoin, a form of cryptocurrency, and provided an email address that victims could use to communicate with the cybercriminals.” The wallet was under the group’s control. The attackers gave the victim the decryption keys after the victim paid into it.

According to prosecutors, a Michigan company paid 200 bitcoin to regain access to its network. At the time, the bitcoin was worth over $1.1 million. A Wilsonville, Oregon, technology company was also targeted by the campaign. And in February 2020, it struck a Texas school. According to the DOJ, the operation received ~1,610 bitcoin in total, which was worth more than $15 million at the time of the payments.

A complete list of victims has not been released by the prosecution. Additionally, there is no wallet history or breakdown of which payments originated from which attack.

Vardanyan consented to make restitution totaling more than $1.1 million as part of his plea. Portland will host a US District Judge review on September 22, 2026. The restitution amount, the plea deal, and federal sentencing guidelines will all be taken into consideration by the court.

FBI investigated, and Ukraine handled the extradition

The FBI investigated. Assistant US Attorney Katherine A. Rykken is prosecuting, and US Attorney Scott E. Bradford announced the plea. The Justice Department’s Office of International Affairs helped secure Vardanyan’s arrest and extradition from Ukraine. And the US Attorney’s Office credited Ukrainian authorities for their help.

Cryptopolitan recently reported on a separate operation. Attackers used a fake Polymarket trading bot to push credential stealing malware to more than 50 developers.

If you're reading this, you’re already ahead. Stay there with our newsletter.

FAQs

Who is Karen Serobovich Vardanyan?

He is a 34-year-old Armenian national who was extradited from Ukraine to the United States and pleaded guilty on July 8 to conspiracy and computer fraud tied to Ryuk ransomware attacks on US companies.

How much did the ransomware campaign collect?

Prosecutors say the operation took in roughly 1,610 bitcoin, valued at more than $15 million at the time of the payments.

What sentence does Vardanyan face?

He faces a maximum of five years for conspiracy and 10 years for computer fraud, up to 15 years combined, plus fines and restitution of more than $1.1 million.

Share this article

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Randa Moses

Randa Moses

Randa Moses is an editor and reporter at Cryptopolitan covering tech, AI, robotics, crypto, scams, and hacks. She has worked in the crypto space since 2017. She held roles at Forward Protocol, AmaZix, and Cryptosomniac. Randa holds a degree in Electrical and Electronics Engineering from the University of Bradford.

MORE … NEWS