Karakurt Ransomware Negotiator Sentenced to 8.5 Years in Prison
A Latvian member of the Karakurt ransomware gang has been sentenced to 8.5 years in prison for his role in extorting victims and managing negotiations for the criminal group.
A Latvian national, Deniss Zolotarjovs, has been sentenced to 8.5 years in a United States federal prison for his role as a key negotiator for the Karakurt ransomware gang. Zolotarjovs, 35, was arrested in Georgia in December 2023 and subsequently extradited to the U.S. in August 2024, where he entered a guilty plea in July 2025 SecurityWeek.
Karakurt, which has operated under various aliases including TommyLeaks, Schoolboys Ransomware Gang, and Blockbit, was a prominent threat actor group known for its aggressive extortion tactics. The group maintained ties to the notorious Conti ransomware syndicate. Between June 2021 and March 2023, the period during which Zolotarjovs was an active member, the group successfully targeted at least 53 organizations, resulting in approximately $56 million in total losses SecurityWeek.
While Zolotarjovs did not personally conduct the technical intrusions into victim networks, his role was central to the group's extortion operations. Court documents revealed that he was responsible for analyzing stolen data to determine its value and conducting direct negotiations with victim organizations. In one particularly aggressive instance, Zolotarjovs advised the group to publish sensitive pediatric patient data online after a healthcare company failed to meet ransom demands in a timely manner SecurityWeek.
The group’s operational model focused on the exfiltration of sensitive personally identifiable information (PII), including names, addresses, dates of birth, Social Security numbers, and healthcare records. The U.S. government issued a formal warning regarding the group in 2022, highlighting their indiscriminate targeting of various industries and their willingness to disrupt critical infrastructure, including a 911 emergency system SecurityWeek.
Zolotarjovs received a 10% commission on the ransom payments he helped secure. To evade detection, he accepted these payments in cryptocurrency, which he then laundered through a series of digital wallets before converting the funds into Russian rubles SecurityWeek.
The sentencing of Zolotarjovs marks a significant milestone in the ongoing international effort to dismantle the infrastructure and leadership of major ransomware syndicates. As law enforcement agencies continue to track the movement of illicit funds and identify key personnel within these criminal enterprises, the case underscores the global reach of cybercrime investigations and the persistent threat posed by organized extortion groups SecurityWeek.