Armenian Hacker Pleads Guilty to Ryuk Ransomware Attacks on U.S. Organizations
A 34-year-old Armenian national, Karen Serobovich Vardanyan, has pleaded guilty to hacking U.S. companies and deploying Ryuk ransomware, a notorious strain that disrupted organizations across multiple sectors. Vardanyan was extradited to the U.S. after his arrest in Kyiv in April 2025, where he had been providing initial access to corporate networks.
Between November 2019 and April 2020, Vardanyan and his co-conspirators breached the systems of several U.S. entities, including a Michigan-based company that paid 200 BTC (over $1.1 million at the time), a technology firm in Wilsonville, Oregon, and a Texas school. According to the U.S. Department of Justice (DoJ), the group encrypted hundreds of servers and workstations, extorting approximately 1,610 bitcoins valued at around $15 million at the time of the attacks.
Ryuk ransomware, active from 2018 to mid-2020, targeted organizations in nearly every industry, including healthcare providers during the COVID-19 pandemic. At its peak, the gang compromised roughly 20 organizations weekly and amassed over $150 million in ransom payments. After Ryuk’s shutdown in 2020, many of its members joined the Conti ransomware operation, which later disbanded in 2022 following a major data leak.
Vardanyan was indicted in February 2024 by a federal grand jury in Portland and faces up to 15 years in prison on two charges, along with fines of $250,000 each. As part of his plea agreement, he has agreed to pay over $1.1 million in restitution. His sentencing is scheduled for September 2026.
Texas Health Resources cybersecurity rating report: https://www.rankiteo.com/company/texas-health-resources
"id": "TEX1783708025",
"linkid": "texas-health-resources",
"type": "Ransomware",
"date": "11/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'location': 'Michigan, USA',
'name': 'Michigan-based company',
'type': 'Company'},
{'industry': 'Technology',
'location': 'Wilsonville, Oregon, USA',
'name': 'Technology firm',
'type': 'Company'},
{'industry': 'Education',
'location': 'Texas, USA',
'name': 'Texas school',
'type': 'Educational Institution'}],
'attack_vector': 'Initial access brokerage',
'data_breach': {'data_encryption': 'Yes',
'type_of_data_compromised': 'Encrypted data (Ryuk '
'ransomware)'},
'description': 'A 34-year-old Armenian national, Karen Serobovich Vardanyan, '
'has pleaded guilty to hacking U.S. companies and deploying '
'Ryuk ransomware, disrupting organizations across multiple '
'sectors. Vardanyan was extradited to the U.S. after his '
'arrest in Kyiv in April 2025, where he had been providing '
'initial access to corporate networks.',
'impact': {'data_compromised': 'Hundreds of servers and workstations '
'encrypted',
'financial_loss': '$15 million (extorted ransom payments)',
'operational_impact': 'Disrupted operations across multiple '
'sectors',
'systems_affected': 'Hundreds of servers and workstations'},
'initial_access_broker': {'entry_point': 'Corporate networks'},
'investigation_status': 'Guilty plea entered, sentencing scheduled for '
'September 2026',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': '1,610 BTC (~$15 million)',
'ransom_paid': '200 BTC (~$1.1 million by one Michigan-based '
'company)',
'ransomware_strain': 'Ryuk'},
'references': [{'source': 'U.S. Department of Justice'}],
'regulatory_compliance': {'legal_actions': 'Federal indictment, guilty plea, '
'$1.1 million restitution'},
'response': {'law_enforcement_notified': 'Yes (U.S. Department of Justice)'},
'threat_actor': 'Karen Serobovich Vardanyan and co-conspirators',
'title': 'Armenian Hacker Pleads Guilty to Ryuk Ransomware Attacks on U.S. '
'Organizations',
'type': 'Ransomware'}