Key Negotiator for Conti and Akira Ransomware Syndicates Sentenced to Eight Years
A Latvian ransomware affiliate has been sentenced to more than eight years in U.S. prison for his role as a lead negotiator for a criminal syndicate that operated under multiple aliases, including Conti and Akira.

A Latvian national, Deniss Zolotarjovs, has been sentenced to over eight years in a U.S. prison for his role as a key negotiator and operator for a prolific ransomware syndicate. Zolotarjovs, who pleaded guilty to money laundering and wire fraud charges in July 2025, was extradited from Georgia to the United States in August 2024 to face justice for his involvement in high-stakes extortion campaigns The Record.
Operating between June 2021 and March 2023, Zolotarjovs served as a specialized negotiator for a criminal organization that utilized several notorious ransomware brands, including Conti, Akira, Karakurt, Royal, TommyLeaks, and SchoolBoys. Prosecutors revealed that Zolotarjovs was tasked with analyzing stolen data to apply maximum pressure on victims during ransom negotiations. His role was so critical that he was often brought in to finalize deals, earning a 10% commission on successful ransom payments. In one particularly aggressive instance, he pressured co-conspirators to leak sensitive pediatric health records after a healthcare provider refused to pay, even going so far as to send stolen data samples directly to patients The Record.
The criminal enterprise Zolotarjovs supported was sophisticated, allegedly operating out of an office building in St. Petersburg, Russia. The group reportedly employed former Russian law enforcement officers, which provided the operation with unique advantages, including recruitment pipelines and exemptions from taxes and military service. FBI investigators gained critical insight into the group’s inner workings by accessing a chat server where members coordinated their extortion efforts and tracked their illicit profits The Record.
During his tenure, Zolotarjovs’s activities contributed to the victimization of at least 53 companies, resulting in approximately $56 million in total losses, including nearly $3 million in direct ransom payments. Prosecutors noted that these figures likely represent a significant undercount of the actual financial damage. Due to his background in Western Europe and his proficiency in English, Zolotarjovs was considered a high-value asset, even training other negotiators who later became leaders within the organization The Record.
While Zolotarjovs is the only member of the group to face a U.S. court, the broader organization remains a significant threat. Google incident responders reported that Akira, one of the gang's primary brands, was the second most frequently observed malware family in 2025, with researchers linking the operation to over 100 attacks this year alone. Prosecutors argued for a substantial sentence, warning that the group continues to grow more dangerous and that Zolotarjovs would likely return to cybercriminal activities if permitted to return to Russia The Record.
This sentencing highlights the persistent threat posed by ransomware-as-a-service models that leverage specialized roles to maximize extortion success. As these criminal groups continue to evolve, the case underscores the challenges of international law enforcement in dismantling organizations that operate with the tacit protection of state-aligned infrastructure. Security researchers and law enforcement agencies continue to monitor the group's activities as they remain one of the most active ransomware operations globally The Record.