Armenian citizen pleads guilty to ransomware attacks in Oregon and elsewhere
The federal indictment says this was the typical ransom note left for companies targeted by Karen Serobovich Vardanyan, 34, and three other men.U.S. Attorney’s Office
A 34-year-old man from Armenia has pleaded guilty to targeting five U.S. companies and one private school with Ryuk ransomware attacks, including a business in Oregon that had its data and credentials stolen in 2019, according to court records.
Karen Serobovich Vardanyan on Wednesday pleaded guilty to conspiracy and computer fraud in federal court in Portland.
Ryuk ransomware is a type of malicious software designed to encrypt data on a computer or network and prevent access to encrypted files until the victim pays a ransom.
As part of the plea agreement, Vardanyan has agreed to pay over $1.1 million in restitution, federal prosecutors said. He’ll be sentenced on Sept. 22.
Prosecutors did not identify the companies or school attacked.
But prior news accounts reported a major cyberattack hit the Norwegian aluminum and renewable energy company Norsk Hydro in 2019, forcing its Portland area plant to use manual operations after at least 15 workstations were compromised and company credentials and data were stolen. The coverage noted that the plant didn’t pay the ransom, which is consistent with the indictment in this case.
Vardanyan and three accomplices from March 2019 through September 2020 accessed hundreds of computer servers and workstations at the Oregon company, at four other companies in Virginia, Michigan, Pennsylvania and California and at a private school in Texas, according to federal prosecutors.
Vardanyan and his alleged accomplices were paid 200 Bitcoin, valued at $1.1 million at the time, to restore access to the unidentified Michigan company’s network, according to federal prosecutors.
In Virginia, an unidentified company in March 2019 paid a total of 110 Bitcoin following a ransomware attack that compromised 100 servers and 300 workstations, according to court records.
The unidentified company hit in Pennsylvania in September 2020 paid 1,300 Bitcoin following the ransomware attack that compromised 100 servers, prosecutors said.
The hackers were paid a total of 1,610 Bitcoin, worth about $15 million, in their extortion scheme, according to the U.S. government.
Vardanyan was extradited from Ukraine to the United States last year.
Three other alleged accomplices haven’t been taken into custody. They have been identified in court records as Levon Georgiyovych Avetisyan, an Armenian national believed to be in France, and Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko, both of Ukraine.

The federal indictment says this was the typical ransom note left for companies targeted by Karen Serobovich Vardanyan, 34, and three other men.U.S. Attorney’s Office