Armenian citizen Karen Serobovich Vardanyan pleaded guilty on July 8 in a federal court in Oregon, United States, to conspiracy and computer fraud. He admitted involvement in helping carry out Ryuk ransomware attacks, for which he received about 1,610 bitcoins, with a value at the time of payment of more than $15 million. Together, the two charges carry a maximum prison term of 15 years; the sentencing date is set for September 22.
(Source: U.S. Department of Justice website)
According to the allegations described by the U.S. Attorney’s Office for the District of Oregon, the Ryuk ransomware operation works as follows: after the criminal group infiltrates a company’s network, it installs Ryuk malware on hundreds of workstations and servers. The malware locks and encrypts all files of the victims until the ransom is paid; it then leaves a ransom note demanding that the victims provide an email address and pay the ransom in bitcoin. After the victims contact the attackers to negotiate the ransom amount, once the ransom is paid, the attackers provide a decryption key to restore access to the system.
A DOJ news release on July 9 said the ransom note demanded the victims pay the ransom in bitcoin and provide a contact email address.
Based on reports, known victims of this Ryuk ransomware operation include:
A company in Michigan: paid 200 bitcoins to restore network access, worth about $1.1 million at the time of payment
A technology company in Wilsonville, Oregon: became the target of the attack (specific losses not disclosed)
A school in Texas: was attacked in February 2020 (specific losses not disclosed)
The operation collected a total of about 1,610 bitcoins, with a total value at the time of payment of more than $15 million. The prosecution has not yet released a complete list of victims and has not provided wallet transaction records or payment details.
According to the U.S. Attorney’s Office for the District of Oregon, Vardanyan pleaded guilty to two charges: conspiracy (up to 5 years) and computer fraud (up to 10 years). Combined, he faces up to 15 years in prison. Each count carries an additional $250,000 in fines and three years of supervised release. A third count alleging extortion has not been resolved under the plea agreement. Sentencing is scheduled for September 22, 2026, and the court will consider the amount of restitution, the plea agreement, and the federal sentencing guidelines.
According to reports, Ryuk is a type of malware that targets and encrypts victims’ files until the ransom is paid. The attackers first infiltrate a company’s network, install the malware on hundreds of workstations and servers, and then leave a ransom note demanding that the ransom be paid in bitcoin. After payment, the attackers provide a decryption key to restore the victims’ access to the systems.
According to reports, as part of the plea agreement, Vardanyan agreed to pay more than $1.1 million in restitution. The Portland court will conduct a re-sentencing review on September 22, 2026. The court will determine the final sentence by considering the restitution amount, the plea agreement, and the federal sentencing guidelines.
Related News