Karen Serobovich Vardanyan, a 34-year-old Armenian national extradited from Ukraine, pleaded guilty in federal court in Portland to conspiracy and computer fraud for deploying Ryuk ransomware against U.S. companies between November 2019 and April 2020, the Justice Department said.
Prosecutors say Vardanyan and his co-conspirators collected roughly 1,610 Bitcoin, worth more than $15 million at the time, from victims including a Michigan company, an Oregon tech firm, and a Texas school district.
The Ryuk ransomware case reaches a turning point
The U.S. Department of Justice announced that Karen Serobovich Vardanyan, a 34-year-old Armenian national extradited from Ukraine, pleaded guilty in federal court to conspiracy and computer fraud charges connected to Ryuk ransomware attacks carried out between November 2019 and April 2020.
According to prosecutors, Vardanyan and his co-conspirators infiltrated corporate networks before deploying Ryuk ransomware across hundreds of compromised servers and workstations.
Victims received ransom notes demanding payment in Bitcoin in exchange for decryption keys that would restore access to encrypted systems.
Authorities said one Michigan-based company transferred 200 Bitcoin, valued at more than $1.1 million at the time, to regain access to its systems. Additional confirmed victims included a technology company in Oregon and a Texas school district.
Overall, investigators estimate the criminal operation collected approximately 1,610 BTC, equivalent to more than $15 million during the attacks.
Vardanyan also agreed to pay over $1.1 million in restitution as part of his plea agreement. He is scheduled to be sentenced in September.
“Vardanyan and his co-conspirators illegally accessed computer networks of victim companies and deployed ransomware on hundreds of compromised servers and workstations.” U.S. Department of Justice, District of Oregon.
Bitcoin remains central to ransomware economics
Although blockchain analytics have become increasingly sophisticated, Bitcoin continues to dominate ransomware payments because of its global accessibility, liquidity, and established infrastructure.
In the Ryuk operation, every ransom demand instructed victims to send Bitcoin before receiving decryption tools.
Law enforcement agencies have since become more effective at tracing blockchain transactions, enabling investigators to connect wallet activity with criminal organizations despite attempts to obscure fund movements.
Academic research has consistently shown that ransomware groups depend heavily on cryptocurrency networks for settlement while increasingly adopting laundering strategies across multiple wallets and exchanges to complicate investigations.
The latest guilty plea demonstrates that while cryptocurrency facilitates cross-border payments, it also leaves a permanent transaction history that investigators can exploit alongside international cooperation.
International cooperation strengthens cybercrime enforcement
The investigation involved the Federal Bureau of Investigation (FBI), the U.S. Department of Justice’s Office of International Affairs, and Ukrainian authorities, reflecting the growing emphasis on multinational cooperation against cybercrime.
The Ryuk group was among the world’s most damaging ransomware operations before many of its members transitioned into the Conti ransomware organization following Ryuk’s decline in 2020.
Security researchers estimate Ryuk generated hundreds of millions of dollars in damages globally through attacks targeting healthcare providers, schools, manufacturers, and businesses.
The guilty plea follows several recent prosecutions targeting ransomware operators and facilitators, signaling that authorities are increasingly pursuing every layer of cybercriminal organizations.
“The Justice Department will continue to work with international partners to bring to justice anyone, anywhere who attacks the United States with ransomware.” Assistant Attorney General A. Tysen Duva, U.S. Department of Justice.
Why the case matters for crypto investors
For cryptocurrency investors, the Ryuk prosecution illustrates the dual reality facing the digital asset industry.
On one hand, Bitcoin remains a legitimate institutional asset embraced by ETFs, corporate treasuries, and regulated financial firms.
On the other, high-profile criminal cases continue to reinforce policymakers’ focus on anti-money laundering (AML), Know Your Customer (KYC), and blockchain surveillance requirements.
Rather than undermining Bitcoin itself, these investigations increasingly demonstrate how transparent blockchain records can assist law enforcement in identifying criminal networks years after attacks occur.
As governments continue expanding international cooperation and blockchain forensic capabilities, the emphasis is shifting away from questioning cryptocurrency’s legitimacy toward improving compliance infrastructure across exchanges, custodians, and payment providers.
The Ryuk case serves as another reminder that while digital assets have transformed global finance, they also remain intertwined with cybersecurity policy, regulatory oversight, and international criminal enforcement.