An Armenian national extradited from Ukraine has pleaded guilty to charges related to his role in notorious ransomware outfit Ryuk.
Karen Serobovich Vardanyan, 34, pleaded guilty to conspiracy and computer fraud in a federal court in Portland on July 8.
The Justice Department (DoJ) claimed that, between November 2019 and April 2020, he illegally accessed the computers of various US organizations to instal Ryuk.
These included a Michigan company that paid 200 bitcoin – over $1.1m at the time – to restore network access. Vardanyan was also accused of hacking a company in Wilsonville, Oregon, and a school in Texas.
Read more on Ryuk: Ryuk Ransomware Attackers Have Made $150m
The DoJ claimed that Vardanyan and his co-conspirators hacked and deployed ransomware on hundreds of compromised servers and workstations over the period, receiving around 1610 bitcoins in ransom payments. This was apparently valued at over $15m at the time of payment.
As part of a plea deal, Vardanyan has agreed to pay over $1.1m in restitution. However, he may still face a lengthy stretch of time behind bars. He’s looking at a maximum sentence of five years (plus a $250,000 fine) for conspiracy, and 10 years (plus another $250,000) for computer fraud.
A Brief History of Ryuk
Ryuk was one of the most prolific ransomware groups around when it operated from 2018 to 2020.
Victim organizations included US defense contractors, hospitals, IT service providers, and entities in many other sectors.
French services giant Sopra Steria took a hit of around $60m following a successful compromise, in what was one of the most expensive ransomware attacks of its time.
Ryuk disbanded in 2020, with many of its members believed to have moved across to the Conti group – which quickly made a name for itself as a sophisticated operation. However, that group in turn shut down two years later after a massive leak of internal data and chats.
Perpetrators typically remain outside the reach of Western authorities by operating from former Soviet states, where cybercriminal activity is often tolerated as long as domestic firms are not targeted.
However, US investigators have become more successful in bringing them to justice. In March, an initial access broker involved in dozens of ransomware attacks costing victims over $9m was sentenced to 81 months behind bars in the US.
