AI & TechBusinessCybersecurityNewswireTechnology

Ryuk ransomware member pleads guilty, faces 15 years in US prison

Originally published on: July 11, 2026
▼ Summary

– An Armenian man, Karen Serobovich Vardanyan, pleaded guilty to hacking U.S. companies and deploying Ryuk ransomware after being extradited from Ukraine.
– Between November 2019 and April 2020, Vardanyan illegally accessed networks to deploy ransomware on hundreds of systems for multiple U.S. organizations.
– Vardanyan and his co-conspirators received about 1,610 bitcoins in ransom payments, valued at around $15 million at the time.
– The Ryuk ransomware operation, active from 2018 to mid-2020, made over $150 million, with members later moving to the Conti ransomware group.
– Vardanyan faces up to 15 years in prison, $250,000 fines per charge, and has agreed to pay over $1.1 million in restitution.

A 34-year-old Armenian national has entered a guilty plea in a U.S. federal court for his role in cyberattacks that deployed the notorious Ryuk ransomware against American companies. Karen Serobovich Vardanyan, extradited to the United States after his arrest in Kyiv in April 2025, admitted to providing the initial access needed to infect corporate networks with the malicious software.

Court documents reveal that between November 2019 and April 2020, Vardanyan and his accomplices unlawfully breached the systems of multiple U. S. organizations. In one instance, they targeted a Michigan company, which ultimately paid a ransom of 200 Bitcoin,then valued at over $1.1 million. Additional victims included a technology firm in Wilsonville, Oregon, and a school district in Texas.

“Vardanyan and his co-conspirators illegally accessed computer networks of victim companies and deployed ransomware on hundreds of compromised servers and workstations,” the U. S. Department of Justice stated. The department also noted that the group collected roughly 1,610 Bitcoin in total ransom payments, worth approximately $15 million at the time.

The Ryuk ransomware operation was particularly active from 2018 until mid-2020, orchestrating high-profile attacks across nearly every sector. During the COVID-19 pandemic, it even targeted healthcare providers. At its peak, the group is believed to have compromised about 20 organizations each week, amassing more than $150 million in illicit proceeds.

After Ryuk was dismantled in 2020, many of its members migrated to the Conti ransomware collective, which quickly became one of the most aggressive hacking groups in the world. Conti itself disbanded in 2022 following a leak of its internal chats and source code, causing its members to splinter into numerous cybercrime factions, some of which remain active today.

Vardanyan was indicted by a federal grand jury in Portland in February 2024. He is scheduled for sentencing in September 2026. He faces a maximum of 15 years in prison on two separate charges, along with fines of up to $250,000 for each count. As part of his plea agreement, Vardanyan has also consented to pay more than $1.1 million in restitution to his victims.

(Source: BleepingComputer)

Topics

ryuk ransomware 98% cybercrime extradition 95% hacking plea guilty 93% ransom payment bitcoin 90% doj prosecution 88% conti ransomware transition 85% healthcare sector attack 82% corporate network breach 80% sentencing prison term 78% ransomware gang profit 75%