Security Affairs
Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|
Advertisement

Ad Placeholder

Full Width × 90

Uncategorized

Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations

An alleged Ryuk ransomware member pleaded guilty in the U.S. for helping deploy attacks on American companies and faces up to 15 years in prison. Armenian national Karen Serobovich Vardanyan (34) pleaded guilty in the U.S. for his role in Ryuk ransomware attacks targeting American organizations between 2019 and 2020. Extradited from Ukraine after his […]

Ryuk ransomware

An alleged Ryuk ransomware member pleaded guilty in the U.S. for helping deploy attacks on American companies and faces up to 15 years in prison.

Armenian national Karen Serobovich Vardanyan (34) pleaded guilty in the U.S. for his role in Ryuk ransomware attacks targeting American organizations between 2019 and 2020. Extradited from Ukraine after his 2025 arrest, he admitted providing initial access to corporate networks that enabled ransomware deployment.

“An Armenian national extradited from Ukraine to the United States pleaded guilty yesterday for his role in Ryuk ransomware attacks and an extortion conspiracy targeting companies throughout the United States, including a technology company operating in Oregon.” reads the press release published by DoJ. “Karen Serobovich Vardanyan, 34, pleaded guilty to conspiracy and computer fraud.”

Between November 2019 and April 2020, Karen Vardanyan illegally accessed corporate networks and helped deploy Ryuk ransomware on hundreds of servers and workstations.

The attacks encrypted victims’ data and demanded Bitcoin payments in exchange for decryption keys. Among the victims were a Michigan company that paid 200 Bitcoin (worth over $1.1 million at the time), a company in Oregon, and a school in Texas. Overall, the group is believed to have collected around 1,610 Bitcoin, valued at more than $15 million when the ransoms were paid.

A U.S. federal grand jury indicted Vardanyan in February 2024 on conspiracy, computer fraud, and extortion charges. He faces up to 15 years in prison and will be sentenced on September 22, 2026. Under his plea agreement, he also agreed to pay more than $1.1 million in restitution.

According to a report published by Advanced-intel and HYAS in 2021, Ryuk was a highly profitable ransomware operation, generating an estimated $150 million in Bitcoin ransom payments. Researchers traced 61 wallet addresses linked to the group and identified laundering mechanisms involving brokers, intermediary wallets, and cryptocurrency exchanges such as Binance and Huobi. The operators used professional money-flow techniques and created unique ProtonMail addresses for each victim to improve operational security and avoid detection.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ryuk ransomware)