U.S. prosecutors announced two major milestones this week in their pursuit of ransomware actors who have targeted healthcare and other critical infrastructure organizations.
Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleaded guilty Wednesday in an Oregon federal court to conspiracy and computer fraud. For about six months beginning in November 2019, Vardanyan accessed corporate networks to deploy Ryuk ransomware, a strain that has caused hundreds of millions of dollars in damages across healthcare systems, schools, and businesses.
Ryuk was first detected in August 2018 and became infamous for targeting large organizations with demands for high ransom payments. Law enforcement agencies have linked it to other major cybercrime operations including Conti and Trickbot. Vardanyan was extradited from Ukraine to the U.S. in June 2025 after his arrest in Kyiv. He faces up to 15 years in prison and has agreed to pay more than $1.1 million in restitution. Sentencing is scheduled for September 22.
In a separate case, Angelo Martino, 41, of Land O Lakes, Florida, received a 70-month federal prison sentence in a Florida court for helping the Blackcat/AlphV ransomware gang extort multiple victims beginning in April 2023. Prosecutors said Martino used his experience as a ransomware negotiator to provide confidential information about victims negotiating positions to the attackers, enabling them to maximize ransom payments.
Two other men connected to the same Blackcat/AlphV case, Ryan Goldberg and Kevin Martin, pleaded guilty to extortion charges earlier this year and received four-year prison sentences in May. Martin and Martino worked as ransomware negotiators for DigitalMint while Goldberg worked for incident response firm Sygnia. DigitalMint has since implemented new controls requiring all negotiations to be conducted over auditable cloud-based platforms.
Both Ryuk and Blackcat/AlphV have heavily targeted the healthcare sector, with attacks disrupting hospital operations, delaying patient care, and exposing sensitive medical data. These convictions signal continued law enforcement focus on dismantling ransomware ecosystems that threaten patient safety and healthcare infrastructure.
