The United States Department of Justice has pushed charges against a suspected Ryuk ransomware operator extradited from Ukraine, last month, for carrying out a $15 million “ransomware extortion conspiracy.” The gang targeted thousands of victims worldwide, including an Oregon-based tech company.
Karen Serobovich Vardanyan, a 33-year-old Armenian national, was extradited from Ukraine on June 18, to face federal charges in the U.S. for orchestrating high-impact Ryuk ransomware attacks between March 2019 and September 2020.
The DOJ unsealed charges on July 16, stating that Vardanyan conspired to deploy Ryuk—a malware strain notorious for encrypting corporate networks and demanding ransoms in Bitcoin—from hundreds of compromised servers and workstations. As per Ukraine’s Office of the Prosecutor General, Ryuk ransomware gang members were responsible for more than 2,400 cyberattacks around the globe, which helped them extort an upward of $100 million.
The 33-year-old likely acted as an initial access broker (IAB) and “was engaged in searching for vulnerabilities in the corporate networks of the victim companies,” the Ukrainian police authorities said, at the time of the extradition announcement. “The data obtained by the hacker was used by his accomplices to plan and carry out cyberattacks.”
Court documents reveal that Vardanyan and co-conspirators—including an Armenian associate in France, Levon Georgiyovych Avetisyan and two Ukrainians, Oleg Lyulyava and Andrii Prykhodchenko—targeted a wide range of entities, spanning private businesses, municipalities, school districts, critical infrastructure operators, and hospitals. They employed Ryuk ransomware to paralyze systems, lock users out, and issue ransom demands in Bitcoin.
Reports indicate that this operation amassed approximately 1,610 Bitcoins, valued at over $15 million at the time.
Also read: How the NCA Cracked Billion-Dollar Money Laundering Rings Linked to Ransomware Gangs
Vardanyan pleaded not guilty to charges of conspiracy, fraud in connection with computers, and extortion related to ransomware use. The DOJ has set his seven-day jury trial to begin on August 26. If convicted, he faces a maximum sentence of five years in federal prison, three years’ supervised release, and a fine of $250,000 for each count.
As the FBI continues to lead the investigation and hunt for the gang’s affiliates, Vardanyan’s co-defendant Avetisyan faces a similar extradition request in France, while Lyulyava and Prykhodchenko remain at large.
