A 34-year-old Armenian man has pleaded guilty to hacking U.S. companies and deploying the infamous Ryuk ransomware to encrypt their systems.
Karen Serobovich Vardanyan was extradited to the United States after being arrested in Kyiv in April 2025 for providing initial access to corporate networks.
According to court documents, Vardanyan helped deploy Ryuk ransomware on the networks of multiple U.S. organizations between November 2019 and April 2020 after illegally accessing their systems.

In one attack, Vardanyan and his co-conspirators breached a Michigan company that paid 200 BTC (worth more than $1.1 million at the time). Two other attacks the prosecutors noted include a technology company in Wilsonville, Oregon, and a school in Texas.
“Vardanyan and his co-conspirators illegally accessed computer networks of victim companies and deployed ransomware on hundreds of compromised servers and workstations,” the U.S. Department of Justice says.
The DoJ says that Vardanyan and his co-conspirators received about 1,610 bitcoins in ransom payments, valued at around $15 million at the time.
The Ryuk ransomware operation was active from 2018 until mid-2020, carrying out high-profile attacks against organizations across nearly every sector, including healthcare providers during the COVID-19 pandemic.
It is estimated that at its peak, the Ryuk ransomware gang hacked around 20 organizations every week and made more than $150 million.
Following its shutdown in 2020, many of its members transitioned to the Conti ransomware operation, which quickly became one of the most prolific hacker groups.
Conti disbanded in 2022 after its internal chats and source code were leaked, with its members splintering into numerous cybercrime groups, some of which remain active today.
Vardanyan was indicted in February 2024 by a federal grand jury in Portland and is now scheduled to be sentenced in September 2026.
The ransomware operator faces a maximum sentence of 15 years in prison for two separate charges, as well as fines of $250,000 each.
As part of his plea agreement, Vardanyan has agreed to pay more than $1.1 million in restitution.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Get the whitepaper

