Ransomware attackers targeted Oregon company, others: ‘We’ve easily penetrated your network’


Four men are accused of targeting U.S. companies with Ryuk ransomware attacks, including a company in Oregon that had its data and credentials stolen in 2019 when 15 machines were compromised, according to court records.

Ryuk ransomware is a type of malicious software designed to encrypt data on a computer or network and prevent access to encrypted files until the victim pays a ransom.

The ransom notes received, according to the federal indictment, typically started: “Gentlemen! Your business is at serious risk. There is a significant hole in the security system of your company. We’ve easily penetrated your network. You should thank the Lord for being hacked by serious people not some stupid schoolboys or dangerous punks. They can damage all your important data just for fun.”

The indictment filed in Portland doesn’t identify the Oregon company, and prosecutors in the U.S. Attorney’s Office declined to release the name.

News accounts reported in 2019 that a major cyberattack hit the Norwegian aluminum and renewable energy company Norsk Hydro, forcing its Portland plant to use manual operations. The coverage noted that the plant didn’t pay the ransom — which is consistent with the indictment in this case.

The indictment alleges that from March 2019 through September 2020 the four men accessed hundreds of computer servers and workstations in Oregon, California, Pennsylvania, Virginia, Maryland and Michigan, and those of a private school in Texas.

Ransom notes placed on the computer systems demanded payment in bitcoin and provided an email address to communicate with the alleged cybercriminals.

The men were paid a total of 1,610 bitcoin worth about $15 million, the indictment says.

Last month, one of the four suspects, Karen Serobovich Vardanyan, 33, of Armenia, was extradited from Ukraine to the United States. He pleaded not guilty in Portland to conspiracy, fraud in connection with computers and extortion charges, according to court records.

Three other alleged accomplices aren’t in custody but have been identified in court records as Levon Georgiyovych Avetisyan, 45, an Armenian national believed to be in France; Oleg Nikolayevich Lyulyava, 53, and Andrii Leonydovich Prykhodchenko, 53, both of Ukraine.

Ryuk ransomware has been used to target thousands of victims worldwide across a variety of sectors, including private industry, state and city governments, school districts, critical infrastructure and hospitals. The attacks have restricted access to data and disrupted communications.

The FBI, with help from the U.S. Department of Justice’s Office of International Affairs, worked on the case. A temporary trial date has been set for Aug. 26.

— Maxine Bernstein covers federal court and criminal justice. Reach her at 503-221-8212, mbernstein@oregonian.com, follow her on X @maxoregonian, on Bluesky @maxbernstein.bsky.social or on LinkedIn.
