Overview
- Karen Serobovich Vardanyan, 34, pleaded guilty in Portland federal court to conspiracy and computer fraud for providing initial network access used to deploy Ryuk ransomware.
- Prosecutors say Vardanyan illegally accessed corporate networks between November 2019 and April 2020 and helped infect hundreds of servers and workstations that were later encrypted and extorted.
- Named victims include a Michigan company that paid 200 bitcoin to regain access, a firm in Wilsonville, Oregon, and a Texas school, illustrating the real-world disruption to businesses and institutions.
- As part of his plea Vardanyan agreed to pay more than $1.1 million in restitution and faces up to 15 years in prison at a sentencing hearing set for September 22, 2026.
- The case highlights wider law-enforcement progress and limits, with prosecutors tracing roughly 1,610 bitcoins to the group while independent research links Ryuk to about $150 million in ransom receipts and complex laundering through intermediaries and exchanges.