Armenian national Karen Serobovich Vardanyan, 34, pleaded guilty in US federal court for his role in Ryuk ransomware attacks targeting American organizations between 2019 and 2020, the Department of Justice announced. He faces up to 15 years in prison.
Initial access broker for ransomware
Vardanyan illegally accessed corporate networks and helped deploy Ryuk ransomware on hundreds of servers and workstations. Among the known victims were a Michigan company that paid 200 Bitcoin (worth over $1.1 million at the time), an Oregon company, and a school in Texas. The Ryuk operation collected approximately 1,610 Bitcoin in total, valued at more than $15 million when the ransoms were paid.
Indicted in February 2024, Vardanyan was extradited from Ukraine after his 2025 arrest. He pleaded guilty to conspiracy and computer fraud charges and agreed to pay more than $1.1 million in restitution. Sentencing is set for September 22, 2026.
A $150 million ransomware enterprise
A 2021 report from Advanced-Intel and HYAS estimated Ryuk generated roughly $150 million in Bitcoin ransom payments, with operators using sophisticated laundering techniques involving brokers, intermediary wallets, and exchanges such as Binance and Huobi. The group used unique ProtonMail addresses for each victim to improve operational security.
