Ryuk Operator Pleads Guilty, Blackcat/AlphV Conspirator Sentenced in Ransomware Crackdown
Two significant legal actions against ransomware actors, including a guilty plea from a Ryuk operator and a lengthy prison sentence for a Blackcat/AlphV conspirator, underscore ongoing global efforts to dismantle cybercrime syndicates.

U.S. prosecutors have announced two major developments in their ongoing pursuit of individuals involved in large-scale ransomware operations. Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleaded guilty to conspiracy and computer fraud charges in an Oregon federal court. For a period of approximately six months starting in November 2019, Vardanyan was allegedly involved in accessing corporate computer networks to deploy the Ryuk ransomware.
In a separate case in Florida, Angelo Martino, 41, received a 70-month federal prison sentence for his role in assisting the Blackcat/AlphV ransomware gang. Martino, who leveraged his expertise as a ransomware negotiator, was found to have facilitated the extortion of multiple victims beginning in April 2023. His involvement included providing confidential information about victim negotiation strategies to the cybercriminals, enabling them to maximize ransom demands.
Vardanyan, who was extradited from Ukraine to the U.S. in June 2025 following his arrest in Kyiv, faces a potential prison sentence of up to five years and has agreed to pay over $1.1 million in restitution. Prosecutors detailed how Vardanyan and his alleged co-conspirators targeted a Michigan company, which paid 200 bitcoin (valued at over $1.1 million at the time) to recover its network access. The group also attacked entities in Oregon and a Texas school in early 2020.
The Ryuk ransomware, first identified in August 2018, has been known for targeting large organizations with substantial ransom demands. Cybersecurity researchers and law enforcement agencies have linked Ryuk to other significant cybercrime operations, including Conti and Trickbot. International efforts have previously targeted Ryuk, leading to the prosecution of money launderers and sanctions against other alleged members.
Vardanyan's case is part of a broader investigation, with U.S. prosecutors also pursuing charges against Armenian national Levon Georgiyovych Avetisyan and Ukrainian nationals Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko for conspiracy, fraud, and extortion. Avetisyan was reportedly in custody in France, while Lyulyava and Prykhodchenko were not in custody.
Martino, a former ransomware negotiator for DigitalMint, surrendered to U.S. Marshals in March and pleaded guilty to an extortion charge in April. Prosecutors stated that Martino was paid by BlackCat actors to share sensitive details about his employer's clients' negotiation positions, thereby aiding the attackers in their extortion efforts. Two other individuals connected to Martino's case, Ryan Goldberg and Kevin Martin, also pleaded guilty to extortion charges earlier this year and received four-year prison sentences.
In response to these incidents, DigitalMint has implemented new security controls, including mandating that all negotiations occur on auditable, logged cloud-based platforms. One of the company's founders is now personally overseeing all negotiation activities. These legal actions highlight the increasing focus on prosecuting individuals at various levels within sophisticated ransomware ecosystems.
The article details Karen Serobovich Vardanyan's guilty plea in the U.S. for his role in deploying the Ryuk ransomware against American companies between November 2019 and April 2020. Vardanyan was extradited from Kyiv and faces up to 15 years in prison, a $500,000 fine, and has agreed to pay over $1.1 million in restitution for his involvement in attacks that netted approximately $15 million in ransom payments.
The article details the guilty plea of Karen Vardanyan, an Armenian national, for his role in deploying Ryuk ransomware against three U.S. organizations between November 2019 and April 2020. Vardanyan admitted to participating in attacks that resulted in nearly $1.2 million in ransom payments from one victim, and he faces up to 15 years in prison and must pay substantial restitution. This plea adds a specific individual's conviction to the broader legal actions against Ryuk operators.