Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
Source: Bleeping Computer
Background
Deniss Zolotarjovs (Денисс Золотарёвс), a 35‑year‑old Latvian national residing in Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023. He was extradited to the United States and pleaded guilty in July 2025 to conspiracy to commit wire fraud and money‑laundering charges filed against him in August 2024.
According to the Department of Justice, Zolotarjovs “helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline.” He also used stolen children’s health information to increase leverage over victims.
Role in the Karakurt Extortion Operation
Zolotarjovs, known online as Sforza_cesarini, was a member of the Karakurt extortion operation—a group led by former Conti ransomware leaders. The gang compromised company systems, stole data, and demanded ransom under the threat of public leakage or sale of the data.
The FBI linked Zolotarjovs to at least six extortion cases against American organizations between August 2021 and November 2023. His specific role was to negotiate “cold case extortions,” where communication with victims had stalled without a ransom being paid. He conducted thorough research on targeted companies and analyzed stolen personal and health information to increase psychological pressure on victims.
Zolotarjovs was also associated with attacks carried out by other ransomware groups, including Conti, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira.
Sentencing and Impact
Zolotarjovs was sentenced to 8.5 years in prison. The Department of Justice noted:
“Of the more than 54 companies attacked, attacks on just 13 of those companies resulted in over $56 million in losses, including approximately $2.8 million in ransom payments. This loss estimate only includes known victim companies and does not include an additional 41 victim companies that made $13 million in ransom payments during that same period but for whom the government does not yet have detailed loss statements.”
“Due to widespread underreporting of ransomware attacks, true loss numbers are uncertain, but extrapolating from the known victims and known losses, the government estimates total losses for the period of Zolotarjovs’s participation to likely be in the hundreds of millions of dollars.”
Zolotarjovs is the first Karakurt member to face charges and be sentenced in the United States, potentially paving the way for further prosecutions.
On the same day, two former Sygnia and DigitalMint employees were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.