Infosecurity

Hacker Extradited from Ukraine Pleads Guilty in Ryuk Ransomware Case

Published

on

Ryuk Conspirator Faces Years in Prison After Plea Deal

An Armenian man who was extradited from Ukraine has admitted his role in the Ryuk ransomware operation, one of the most damaging cybercrime campaigns of its era. Karen Serobovich Vardanyan, 34, pleaded guilty to conspiracy and computer fraud charges in a federal court in Portland, Oregon, on July 8.

The Justice Department says Vardanyan illegally broke into the networks of multiple US organizations between November 2019 and April 2020 to install Ryuk. Among the victims: a Michigan company that paid 200 bitcoin — worth over $1.1 million at the time — just to get its files back.

He also targeted a firm in Wilsonville, Oregon, and a school in Texas. The attacks weren’t random. They were surgical, hitting entities that could least afford downtime.

The Numbers Behind the Ryuk Takedown

Court documents paint a grim picture. Vardanyan and his co-conspirators hacked hundreds of servers and workstations. They collected roughly 1,610 bitcoin in ransom payments — valued at more than $15 million when the money changed hands.

As part of the plea agreement, Vardanyan has agreed to pay over $1.1 million in restitution. But that check won’t keep him out of prison. He faces a maximum of five years (plus a $250,000 fine) for conspiracy, and up to 10 years (plus another $250,000) for computer fraud. The sentencing judge will decide the final stretch.

Ryuk’s Reign: A Quick Look Back

Ryuk was a heavyweight in the ransomware world from 2018 to 2020. Its victims included US defense contractors, hospitals, and IT service providers. French giant Sopra Steria lost around $60 million in one of the costliest ransomware incidents of its time.

The group disbanded in 2020. Many of its members are believed to have joined the Conti gang — which quickly became a major threat itself. But Conti imploded two years later after a massive leak of internal chats and data.

Why Extradition Matters in Cybercrime

Perpetrators of ransomware often operate from former Soviet states, where authorities tend to look the other way as long as domestic companies aren’t hit. That’s made Ryuk ransomware extradited cases rare — and significant.

But US investigators are getting better at pulling suspects out of those jurisdictions. In March, an initial access broker involved in dozens of attacks that cost victims over $9 million was sentenced to 81 months in a US prison.

Vardanyan’s case shows the long arm of American law enforcement is reaching further east than ever. Whether that deters the next wave of ransomware crews remains an open question.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version