The US Department of Justice (DoJ) has extradited Karen Serobovich Vardanyan, a 33-year-old Armenian national, over a series of attacks carried out with the Ryuk ransomware in 2019 and 2020. Vardanyan was extradited from Ukraine on June 18 and pleaded not guilty to the charges in his first court appearance.
The DoJ claims US prosecutors have charged Vardanyan with conspiracy and fraud in connection with computers and extortion. If found guilty, he faces up to five years in federal prison and a fine of up to $250,000 for each charge. Vardanyan was working with a fellow Armenian, Levon Georgiyovych Avetisyan, and two Ukrainian nationals named Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko.
Avetisyan is currently stuck in France, where he’s awaiting a US extradition request. Lyulyava and Prykhodchenko remain at large, and their whereabouts are unknown at the time of writing. All three face charges of illegally accessing computer networks to deploy Ryuk ransomware on hundreds of compromised servers between March 2019 and September 2020.

2019 and 2020 saw peak activity from the Ryuk ransomware gang. The gang attacked thousands of victims around the world across various private and government organisations. These targets include the Hollywood Presbyterian Medical Center, Universal Health Services, Electronic Warfare Associates, a North Carolina water utility company, and multiple US newspapers.
Several US hospitals and an Oregon-based tech company were also targeted by the gang, and US prosecutors are holding Vardanyan responsible for those attacks. The DoJ claims Vardanyan and his accomplices collected approximately 1,160 Bitcoins in ransom, amounting to nearly $15 million at the time.
The US, UK, and several EU countries have long been after ransomware operators, but the undertaking to root out ransomware is proving more difficult than originally anticipated. The FBI has already attempted to shut down notorious ransomware gang LockBit multiple times by disrupting its infrastructure, only for it to come back stronger. The British NCA also targeted Cobalt Strike, a tool used by Ryuk and other ransomware gangs, shutting down 539 Cobalt Strike servers globally to slow the criminals down.
