Key Takeaways
- Authorities said the cybercrime campaign collected roughly 1,610 bitcoin, with a Michigan company alone transferring 200 bitcoin after an attack.
- Meanwhile, the guilty plea requires more than $1.1 million in restitution, while sentencing could result in substantial prison time, fines, and supervision.
- Investigators from the FBI, the Justice Department, and Ukrainian authorities coordinated efforts, with sentencing expected after judicial review of the plea agreement.
Ransomware Attacks Forced US Companies to Pay Bitcoin for Decryption Keys
More than $15 million in bitcoin flowed from U.S. victims during a Ryuk ransomware campaign tied to Karen Serobovich Vardanyan, federal prosecutors alleged. The 34-year-old Armenian national, who was extradited from Ukraine, pleaded guilty July 8 to conspiracy and computer fraud after admitting his involvement in cyberattacks conducted from November 2019 through April 2020.
Victims encountered encrypted files, disabled workstations, and inaccessible corporate data after intruders penetrated their networks. The group spread Ryuk across hundreds of servers and computers, then used the resulting disruption to pressure organizations into purchasing decryption tools with cryptocurrency.
Federal prosecutors explained in a press release on July 9:
“As part of the scheme, ransom payments were extorted from victim companies in exchange for decryption keys to regain access to their data. A ransom note was placed on the computer systems demanding ransom payments in Bitcoin, a form of cryptocurrency, and provided an email address that victims could use to communicate with the cybercriminals.”
Payment instructions directed affected organizations toward bitcoin and established email contact with the attackers. That process allowed the conspirators to negotiate with locked-out victims, confirm transfers, and provide keys intended to restore access after funds reached addresses controlled by the group.
Corporate targets included a Michigan business that surrendered 200 bitcoin to regain control of its network. The payment exceeded $1.1 million when completed. Other incidents involved a technology company in Wilsonville, Oregon, and a Texas school attacked in February 2020.
Federal Plea Sets Restitution Terms Ahead of September Sentencing
Cryptocurrency proceeds attributed to the operation totaled approximately 1,610 bitcoin, prosecutors alleged. The collected BTC carried a value above $15 million at the time of the transactions, though the press release offered no complete victim list, wallet history, or breakdown of payments associated with individual attacks.
Grand jurors in Portland indicted Vardanyan on Feb. 22, 2024, on conspiracy, computer fraud, and extortion counts. His plea resolved the conspiracy and computer fraud charges, and the agreement requires him to provide more than $1.1 million in restitution.
Federal prosecutors wrote:
“Vardanyan faces a maximum sentence of five years in prison, a $250,000 fine, and three years of supervised release for conspiracy. He faces a maximum sentence of 10 years in prison, a $250,000 fine, and three years of supervised release for computer fraud. Vardanyan will be sentenced on Sept, 22. 2026, buy a U.S. district court judge.”
Potential penalties include separate prison terms, fines, and supervised release for each offense. A U.S. district court judge will determine the sentence Sept. 22, 2026, after reviewing the plea agreement, restitution obligation, applicable federal guidelines, and other materials submitted before the hearing.
No Comment! Be the first one.