US Prosecutors Secure Victories Against Ryuk and BlackCat Ransomware Operators
US authorities have announced significant breakthroughs in their fight against major ransomware groups, with a Ryuk operative pleading guilty and a BlackCat/AlphV associate receiving a substantial prison sentence. These actions underscore a continued global effort to dismantle sophisticated cybercrime networks and hold perpetrators accountable.
This week, U.S. prosecutors marked two critical milestones in their ongoing campaigns against prominent ransomware organizations.
**Karen Serobovich Vardanyan**, a 34-year-old Armenian national, pleaded guilty on Wednesday in an Oregon federal court to charges of conspiracy and computer fraud. Prosecutors revealed that for approximately six months, starting November 2019, Vardanyan infiltrated corporate networks to deploy **Ryuk ransomware**.
Separately, **Angelo Martino**, 41, of Land OβLakes, Florida, was sentenced to 70 months in federal prison by a Florida court. Martino was found guilty of aiding the **Blackcat/AlphV** gang in extorting multiple victims from April 2023 onwards. Notably, Martino leveraged his prior experience as a ransomware negotiator to assist the cybercriminals.
## Ryuk Insider Behind Bars
Vardanyan was extradited from Ukraine to the U.S. in June 2023, following his arrest in Kyiv in April. He now faces a potential maximum sentence of 15 years in prison, up to $500,000 in fines, and has agreed to pay over $1.1 million in restitution. His sentencing is scheduled for September 22.
Prosecutors detailed Vardanyan's involvement, stating, βVardanyan worked with his co-conspirators to attack a company in Michigan that paid 200 bitcoin or over $1.1 million at the time of payment to restore access to their network.β The group also targeted a company in Wilsonville, Oregon, and a school in Texas in February 2020.
First detected in August 2018, Ryuk ransomware quickly gained notoriety for targeting large organizations with demands for substantial ransom payments. Law enforcement and cybersecurity researchers have linked Ryuk to other significant cybercrime operations, including **Conti** and **Trickbot**.
International authorities have relentlessly pursued Ryuk operators for years, successfully prosecuting one of its money launderers and imposing sanctions on other alleged members.
Vardanyanβs case is connected to ongoing investigations by U.S. prosecutors. Armenian national **Levon Georgiyovych Avetisyan** faces charges of conspiracy, fraud, and extortion. Ukrainian nationals **Oleg Nikolayevich Lyulyava** and **Andrii Leonydovich Prykhodchenko** are charged with similar offenses. Last year, prosecutors confirmed Avetisyan's custody in France, while Lyulyava and Prykhodchenko remain at large.
## Ransom Negotiator Turned Cybercrook Sentenced
Martino surrendered to U.S. Marshals in March and pleaded guilty to an extortion charge in April.
Prosecutors revealed that Martino βwas paid by BlackCat attackers to provide confidential information about the negotiating position and strategy of his employerβs clients and enable the ransomware actors to maximize the ransoms paid by the victims.β
Two other individuals implicated in the same case, **Ryan Goldberg** and **Kevin Martin**, also pleaded guilty to extortion charges earlier this year and received four-year prison sentences in May.
Martin and Martino were ransomware negotiators for **DigitalMint**, while Goldberg worked for the incident response firm **Sygnia**.
In response to these incidents, DigitalMint has implemented new controls, mandating that all negotiations be conducted on auditable and logged cloud-based platforms. A company founder is now personally overseeing all negotiation processes to ensure integrity and security.
