A 34-year-old Armenian national has pleaded guilty in the United States to hacking American companies and deploying the Ryuk ransomware strain, one of the most damaging extortion tools of its era.

Karen Serobovich Vardanyan was arrested in Kyiv in April 2025 and later extradited to the U.S. to face charges tied to his role providing initial access to corporate networks. Court documents show that between November 2019 and April 2020, Vardanyan and his co-conspirators broke into victim networks and deployed Ryuk on hundreds of compromised servers and workstations.

Victims and Ransom Payments

Prosecutors identified several victims in the case, including a Michigan company that paid 200 BTC, worth more than $1.1 million at the time, a technology firm in Wilsonville, Oregon, and a school district in Texas. According to the Department of Justice, Vardanyan and his co-conspirators collected approximately 1,610 bitcoins in ransom payments across their campaign, valued at around $15 million when received.

Ryuk’s Legacy

Ryuk ransomware operated from 2018 until mid-2020 and was responsible for attacks against organizations across nearly every industry sector, including healthcare providers during the early months of the COVID-19 pandemic. At its peak, the operation is estimated to have compromised around 20 organizations per week and generated more than $150 million in illicit revenue.

After Ryuk shut down in 2020, many of its core members are believed to have moved on to the Conti ransomware operation, which went on to become one of the most prolific ransomware groups before it disbanded in 2022 following the leak of its internal chat logs and source code. Former Conti members subsequently splintered into numerous cybercrime groups, some of which remain active today.

Charges and Sentencing

Vardanyan was indicted in February 2024 by a federal grand jury in Portland. He now faces a maximum sentence of 15 years in prison across two separate charges, along with fines of up to $250,000 per count. As part of his plea agreement, he has agreed to pay more than $1.1 million in restitution to victims. Sentencing is scheduled for September 2026.

The case adds to a growing list of prosecutions targeting individuals tied to the Ryuk and Conti ransomware ecosystems, as U.S. authorities continue to pursue members of disbanded ransomware operations years after their activity ended.