Armenian citizen Karen Serobovich Vardanyan pleaded guilty on July 8 in a federal court in Oregon, United States, to conspiracy and computer fraud. He admitted involvement in helping carry out Ryuk ransomware attacks, for which he received about 1,610 bitcoins, with a value at the time of payment of more than $15 million. Together, the two charges carry a maximum prison term of 15 years; the sentencing date is set for September 22.
How Ryuk ransomware attacks work: Infiltrate corporate networks, encrypt files, and process the bitcoin ransom payment
(Source: U.S. Department of Justice website)
According to the allegations described by the U.S. Attorney’s Office for the District of Oregon, the Ryuk ransomware operation works as follows: after the criminal group infiltrates a company’s network, it installs Ryuk malware on hundreds of workstations and servers. The malware locks and encrypts all files of the victims until the ransom is paid; it then leaves a ransom note demanding that the victims provide an email address and pay the ransom in bitcoin. After the victims contact the attackers to negotiate the ransom amount, once the ransom is paid, the attackers provide a decryption key to restore access to the system.
A DOJ news release on July 9 said the ransom note demanded the victims pay the ransom in bitcoin and provide a contact email address.
Three Known Victims and the Scale of the Bitcoin Ransom Demand
Based on reports, known victims of this Ryuk ransomware operation include:
A company in Michigan: paid 200 bitcoins to restore network access, worth about $1.1 million at the time of payment
A technology company in Wilsonville, Oregon: became the target of the attack (specific losses not disclosed)
A school in Texas: was attacked in February 2020 (specific losses not disclosed)
The operation collected a total of about 1,610 bitcoins, with a total value at the time of payment of more than $15 million. The prosecution has not yet released a complete list of victims and has not provided wallet transaction records or payment details.
Frequently Asked Questions
What criminal charges does Karen Vardanyan face, and what is the maximum possible sentence?
According to the U.S. Attorney’s Office for the District of Oregon, Vardanyan pleaded guilty to two charges: conspiracy (up to 5 years) and computer fraud (up to 10 years). Combined, he faces up to 15 years in prison. Each count carries an additional $250,000 in fines and three years of supervised release. A third count alleging extortion has not been resolved under the plea agreement. Sentencing is scheduled for September 22, 2026, and the court will consider the amount of restitution, the plea agreement, and the federal sentencing guidelines.
What is Ryuk ransomware, and how does it attack enterprises?
According to reports, Ryuk is a type of malware that targets and encrypts victims’ files until the ransom is paid. The attackers first infiltrate a company’s network, install the malware on hundreds of workstations and servers, and then leave a ransom note demanding that the ransom be paid in bitcoin. After payment, the attackers provide a decryption key to restore the victims’ access to the systems.
What restitution arrangements are included in Vardanyan’s plea agreement?
According to reports, as part of the plea agreement, Vardanyan agreed to pay more than $1.1 million in restitution. The Portland court will conduct a re-sentencing review on September 22, 2026. The court will determine the final sentence by considering the restitution amount, the plea agreement, and the federal sentencing guidelines.