Ryuk Ransomware Member Pleads Guilty, Faces 15 Years in U.S. Prison
A key figure in the notorious **Ryuk** ransomware operation, **Karen Serobovich Vardanyan**, has pleaded guilty in the U.S. to orchestrating attacks against American companies. Extradited from Ukraine, Vardanyan admitted to providing initial access to corporate networks and deploying the ransomware, facing a potential 15-year prison sentence and over $1.1 million in restitution.

A 34-year-old Armenian national, **Karen Serobovich Vardanyan**, has confessed to his role in a sophisticated cybercrime conspiracy targeting U.S. businesses. His plea in a U.S. court marks a significant victory for law enforcement in the ongoing battle against ransomware gangs.
**Vardanyan** was apprehended in Kyiv in April 2025 and subsequently extradited to the United States. He was a crucial component of the **Ryuk** operation, specializing in gaining initial access to corporate networks before the ransomware payload was deployed.
### Orchestrating Ransomware Attacks
Court documents reveal that **Vardanyan** and his co-conspirators breached numerous U.S. organizations between November 2019 and April 2020. Their modus operandi involved illegally accessing systems and then deploying **Ryuk** to encrypt hundreds of servers and workstations.
One notable attack cited by prosecutors involved a Michigan company that paid a staggering 200 **Bitcoin** (BTC), valued at over $1.1 million at the time. Other victims included a technology firm in Wilsonville, Oregon, and a school district in Texas.
According to the **U.S. Department of Justice (DoJ)**, **Vardanyan** and his associates collectively extorted approximately 1,610 **Bitcoin** in ransom payments, which was valued at around $15 million at the time of the attacks.
### The Legacy of Ryuk and Conti
The **Ryuk** ransomware operation was a formidable force from 2018 until mid-2020. It was responsible for high-profile attacks across various sectors, including critical healthcare providers during the peak of the **COVID-19** pandemic.
At its zenith, the **Ryuk** gang was estimated to compromise roughly 20 organizations per week, accumulating over $150 million in illicit gains.
Following **Ryuk**'s shutdown in 2020, many of its key members migrated to the **Conti** ransomware operation. **Conti** quickly rose to prominence, becoming one of the most prolific and dangerous cybercrime groups.
However, **Conti**'s reign ended in 2022 after a significant leak of its internal chats and source code. Its members subsequently splintered into numerous smaller cybercrime factions, some of which continue to operate today.
### Sentencing and Restitution
**Vardanyan** was indicted by a federal grand jury in Portland in February 2024. His sentencing is scheduled for September 2026. He faces a maximum of 15 years in prison for two separate charges, along with fines of $250,000 for each count.
As part of his plea agreement, **Vardanyan** has committed to paying over $1.1 million in restitution to his victims, underscoring the financial impact of these cyberattacks.