Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

Summary

Deniss Zolotarjovs, a 35-year-old Latvian national and member of the Russian Karakurt extortion gang, was sentenced to 8.5 years in prison after pleading guilty to conspiracy to commit wire fraud and money laundering. Operating under the alias "Sforza_cesarini," Zolotarjovs specialized in "cold case" extortion negotiations, leveraging stolen personal and health data to psychologically pressure victims into paying ransoms. The FBI linked him to at least six American organizations and over 54 total companies attacked between August 2021 and November 2023, generating an estimated hundreds of millions in losses.

Full text

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison By Sergiu Gatlan May 5, 2026 06:13 AM 0 A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. 35-year-old Deniss Zolotarjovs (Денисс Золотарёвс) of Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023, and pleaded guilty in July 2025 to conspiracy to commit wire fraud and money laundering charges filed against him in August 2024 after he was transferred to U.S. custody. "Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline," said Assistant Attorney General A. Tysen Duva. "He also used stolen children's health information to increase his leverage to extort victim payments." According to court documents, Zolotarjovs (also known online as "Sforza_cesarini") was a member of the Karakurt extortion operation (led by former Conti ransomware gang leaders) that compromised company systems, stole data, and demanded ransom from victims under threat of publicly leaking or selling the data to other cybercriminals. The FBI linked Zolotarjovs with at least six cases of extortion against American organizations between August 2021 and November 2023, and said that his role was to negotiate so-called "cold case extortions," when communication with the victims had halted without a ransom being paid. Zolotarjovs played a key role in coercing victims to reconsider their stance against ransom demands, conducting thorough research on targeted companies and analyzing stolen personal and health information to increase psychological pressure. He was also associated with attacks against victim organizations by various other ransomware groups, including Conti, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira. "Of the more than 54 companies attacked, attacks on just 13 of those companies resulted in over $56 million in losses, including approximately $2.8 million in ransom payments. This loss estimate only includes known victim companies and does not include an additional 41 victim companies that made $13 million in ransom payments during that same period but for whom the government does not yet have detailed loss statements," the Department of Justice noted. "Due to widespread underreporting of ransomware attacks, true loss numbers are uncertain, but, extrapolating from the known victims and known losses, the government estimates total losses for the period of Zolotarjovs's participation to likely be in the hundreds of millions of dollars." Zolotarjovs is the first Karakurt member to face charges and be sentenced in the U.S., which could lead to the prosecution of more members in the future, some of them former Russian law enforcement officers. "These connections allowed members of the group to co-opt Russian government databases and law enforcement connections to intimidate and harass personal detractors, and to identify and evaluate potential new recruits to the organization," DOJ added. "Corruption also ensured special treatment for members of the organization. Leaders avoided Russian taxes and regularly paid bribes to exempt members — draft-age men — from compulsory military service in Russia." On Thursday, two former Sygnia and DigitalMint employees were also sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Trellix source code breach claimed by RansomHouse hackersUS ransomware negotiators get 4 years in prison over BlackCat attacksCritrical cPanel flaw mass-exploited in "Sorry" ransomware attacksVideo service Vimeo confirms Anodot breach exposed user dataCheckmarx confirms LAPSUS$ hackers leaked its stolen GitHub data

Entities