The U.S. is taking legal action against several hackers allegedly behind the Ryuk ransomware.

Armenian national Karen Serobovich Vardanyan, 33, was extradited from Ukraine last month and now faces up to five years in prison for his role in Ryuk, prosecutors said on Wednesday. They added that Ryuk was used in cyberattacks on thousands of organizations between March 2019 and September 2020. 

Vardanyan was arrested in Kyiv in April and sent to the U.S. on June 19, appearing in federal court on June 20. He will have a seven-day jury trial beginning on August 26 – where he will face charges of conspiracy, fraud in connection with computers and extortion in connection with computers. 

The DOJ said if convicted, Vardanyan faces a maximum sentence of five years in federal prison, three years’ supervised release, and a fine of $250,000 for each count.

Ukrainian authorities said Vardanyan had previously been placed on an international wanted list by the FBI. 

Federal prosecutors explained that Vardanyan is one of several Ryuk actors facing legal action. Another Armenian national, Levon Georgiyovych Avetisyan, 45, is facing similar charges and was recently arrested in France. U.S. officials said they have issued an extradition request to French authorities. 

Two Ukrainians — 53-year-olds Oleg Nikolayevich Lyulyava and Andrii Leonydovich Prykhodchenko — were also charged in connection to Ryuk activity but are not in custody. 

Court documents said Vardanyan and his co-conspirators launched over 2,400 ransomware attacks on victims around the world, including multiple state and local municipalities. The attacks “severely disrupted these entities’ abilities to function by restricting access to data and impacting communications,” prosecutors said. 

At the height of the COVID-19 pandemic in 2020, the FBI and several other U.S. agencies warned that Ryuk actors were heavily targeting hospitals across the country, 

The DOJ said Vardanyan and his team received at least $15 million in ransoms from their attacks over the years

Ryuk was first detected in August 2018 and the malware has previously been linked to Russian cybercriminals. U.S. officials previously took down Ryuk’s money laundering operations and experts tied the ransomware gang to a Russian group that also manages the Trickbot malware.