Ransomware negotiator sentenced for role in major cyber crime group
Deniss Zolotarjovs was a key player in a group associated with Conti
A Latvian man has been sentenced to eight and a half years in prison in the US for his role as a negotiator in one of the world's most notorious ransomware groups.
Deniss Zolotarjovs, 35, was a member of a ransomware gang led by former leaders of the Conti ransomware group, and variously known as Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira, among others.
Zolotarjovs was arrested in Georgia in December 2023 and transferred into US custody in August 2024. He pleaded guilty in July 2025 to conspiring to commit both money laundering and wire fraud.
“Cyber criminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries,” said US attorney Dominick S. Gerace II for the Southern District of Ohio.
“But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”
Devastating ransomware disruption
Between June 2021 and August 2023, the group stole data from more than 54 companies in the US and around the world.
Attacks on just 13 of these companies resulted in more than $56 million in losses, including approximately $2.8 million in ransom payments.
Extrapolating from the known victims and known losses, the government said it estimates the total losses for the period to likely be in the hundreds of millions of dollars.
Zolotarjovs' main role was to pile the pressure on victims who failed to pay up quickly enough. He analyzed stolen data, researched victim companies, and exploited his access to particularly sensitive and extremely personal information.
In one attack on a pediatric healthcare company, Zolotarjovs deliberately leveraged children’s health information for extortion – and when he failed to extract a ransom, he urged his co-conspirators to leak or sell their medical data.
The group was mostly Russian or Russia-based, and operated for a time out of an office building in St. Petersburg. It had a hierarchical management structure, with work split into separate teams using a network of companies registered throughout Russia, Europe, and the US to obfuscate its operations.
Members included multiple former Russian law enforcement officers, allowing the group to co-opt Russian government databases and law enforcement connections to intimidate and harass personal detractors, and to identify and evaluate potential new recruits.
It also made for special treatment for members of the organization, with the leaders avoiding Russian taxes and compulsory military service.
“Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline. He also used stolen children’s health information to increase his leverage to extort victim payments,” said assistant attorney general A. Tysen Duva of the Justice Department’s Criminal Division.
“The Criminal Division will continue to investigate and prosecute international hackers and extortionists from around the world, no matter where they live or operate.”
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
