Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1830+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Armenian National Pleads Guilty to Ryuk Ransomware Attacks
Armenian National Pleads Guilty to Ryuk Ransomware Attacks
NEWS

Armenian National Pleads Guilty to Ryuk Ransomware Attacks

Karen Vardanyan, an Armenian national, has pleaded guilty to federal charges related to Ryuk ransomware attacks and faces up to 15 years in prison with $1.2 million in restitution.

Dylan H.

News Desk

July 10, 2026
3 min read

Overview

Karen Vardanyan, an Armenian national, has pleaded guilty in U.S. federal court to charges arising from his participation in Ryuk ransomware attacks. Vardanyan faces a maximum sentence of 15 years in federal prison and has agreed to pay nearly $1.2 million in restitution to victims.

Background on Ryuk

Ryuk is a sophisticated ransomware strain that emerged in 2018 and became one of the most damaging ransomware operations in history. The group behind Ryuk — widely believed to have ties to the Russian cybercriminal ecosystem and linked to the WIZARD SPIDER threat actor — targeted high-value organizations including hospitals, municipalities, and large enterprises.

Ryuk infections typically involved an initial compromise via Emotet or TrickBot malware, followed by lateral movement and the manual deployment of Ryuk ransomware across the victim's network. Ransom demands commonly ranged from hundreds of thousands to millions of dollars per victim.

Charges and Sentencing

Vardanyan's guilty plea covers offenses including:

  • Conspiracy to commit computer fraud
  • Participation in Ryuk ransomware deployment affecting multiple victims
  • Financial crimes related to ransomware proceeds

As part of the plea agreement, Vardanyan agreed to pay $1,200,000 in restitution, reflecting losses suffered by victims of the attacks he participated in. Formal sentencing is pending.

Significance

This prosecution represents continued U.S. law enforcement effort to hold ransomware actors accountable even when they operate from jurisdictions that historically have not cooperated with Western extradition requests. The guilty plea suggests Vardanyan may have been apprehended while traveling to a cooperating country, a pattern seen in prior ransomware prosecutions.

The case adds to a growing list of Ryuk and WIZARD SPIDER-affiliated individuals prosecuted in Western courts, following prior actions against members of the group in Europe and North America.

Context: DOJ Anti-Ransomware Enforcement

The Department of Justice has increasingly prioritized ransomware prosecutions as a national security matter. Key enforcement milestones include:

  • Seizures of ransomware infrastructure and cryptocurrency proceeds
  • Charges and indictments against REvil, Conti, Hive, LockBit, and BlackCat affiliates
  • Rewards of up to $10 million under the Rewards for Justice program for information leading to the identification of ransomware actors

The Vardanyan guilty plea demonstrates that even lower-profile participants in major ransomware ecosystems face meaningful legal jeopardy.

Recommendations

Organizations that may have been victims of Ryuk attacks should:

  1. Report incidents to the FBI Internet Crime Complaint Center (IC3) if not previously done — victim information may be relevant to ongoing prosecutions
  2. Review restitution eligibility — victims of Ryuk may qualify for restitution from convicted defendants
  3. Maintain offline backups — Ryuk specifically targeted backup infrastructure; robust, air-gapped backups remain the most reliable defense

Source

  • CyberScoop — Karen Vardanyan Ryuk Guilty Plea
#Ransomware#Cybercrime#Law Enforcement#Ryuk

Related Articles

Alleged Scattered Spider Hacker Peter Stokes Extradited to the United States

Peter Stokes, 19, a dual US-Estonian citizen known online as 'Bouquet,' has been extradited from Finland to face federal charges for his alleged role in...

3 min read

Amadey and StealC Malware Operations Disrupted in Operation Endgame Action

Microsoft, Europol, and international law enforcement partners have dismantled infrastructure supporting the Amadey malware loader and StealC infostealer...

6 min read

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs

Europol has dismantled AudiA6, a cryptocurrency laundering service described as a key financial pipeline for ransomware gangs and cybercriminal networks...

4 min read
Back to all News