Portland

Portland Bitcoin Shakedown, Ryuk Ransomware Crew Snagged After $15 Million Hit On Wilsonville Company

AI Assisted Icon
Published on July 10, 2026
Portland Bitcoin Shakedown, Ryuk Ransomware Crew Snagged After $15 Million Hit On Wilsonville CompanySource: Wikimedia/Quince Media, CC BY-SA 4.0, via Wikimedia Commons

A sprawling Ryuk ransomware scheme that quietly drained roughly $15 million in Bitcoin from U.S. businesses, including a company in Wilsonville, is now landing one of its operators in federal prison territory.

Prosecutors say the crew pulled in about 1,610 bitcoins from victims between November 2019 and April 2020, targeting organizations around the country. One Michigan firm alone paid 200 bitcoin to get its systems back online, according to court documents. The defendant has agreed to pay more than $1.1 million in restitution and is scheduled to be sentenced in September.

According to a press release by the U.S. Attorney's Office for the District of Oregon, Karen Serobovich Vardanyan, 34, pleaded guilty on July 9, 2026 to conspiracy and computer fraud tied to the deployment of Ryuk ransomware and participation in an extortion conspiracy. The release states that Vardanyan and co-conspirators illegally accessed victim networks, installed ransomware on compromised servers and workstations, and left ransom notes that demanded payment in Bitcoin. Prosecutors say the group received approximately 1,610 bitcoins in ransom payments and that Vardanyan agreed to pay over $1.1 million in restitution, with sentencing set for Sept. 22, 2026.

Local coverage first spotlighted the Oregon angle and confirmed that a Wilsonville company was among the victims, and area outlets have tracked the case since the original indictment. As reported by KOIN, the value of the stolen coins climbed as cryptocurrency markets moved, inflating the take in U.S. dollars and making recovery efforts and insurance claims even messier. Local technology managers say the prosecution highlights how hard it is for smaller firms to fend off targeted, hands-on-keyboard ransomware attacks.

What Prosecutors Say

In court filings, prosecutors describe a familiar Ryuk playbook: break into a network, steal credentials, move laterally across systems, then encrypt critical servers to crank up the pressure on victims to pay in Bitcoin. The federal filing points to a Michigan company that paid 200 bitcoin and cites a February 2020 attack on a Texas school district as part of the same conspiracy. The case is being handled by Assistant U.S. Attorney Katherine A. Rykken and investigated by the FBI, according to the U.S. Attorney's Office.

How Ryuk Works And Why Small Firms Are Vulnerable

Ryuk is a high-impact ransomware strain that often uses manual intrusion techniques and follow-on tools to spread, encrypt data, and undermine backups, behaviors that security researchers have documented in standard threat frameworks. The MITRE ATT&CK framework, for instance, describes the tactic of encrypting data for impact (T1486). Analysts note that the mix of credential theft and lateral movement frequently overwhelms under-resourced IT teams, driving up recovery costs. That blend of pressure and technical sophistication helps explain why the group went after large corporate and institutional targets.

What Businesses Should Do Now

Federal guidance urges organizations hit by ransomware to preserve forensic evidence, isolate affected systems, and contact law enforcement instead of trying to wing it in private talks with extortionists. A joint advisory from CISA, the FBI, and HHS lays out specific mitigation steps and reporting protocols that companies and insurers often lean on during response and recovery. Prosecutors say the plea is a reminder of the value of segmented backups, regular recovery drills, and relationships with incident-response partners. CISA

The guilty plea closes one chapter in an international Ryuk campaign but leaves a big question hanging over how many smaller vendors ultimately absorbed disruption or financial loss. With sentencing and restitution hearings set for September, Oregon businesses will be watching to see how much accountability and recovery this case actually delivers for victims close to home.