A Latvian member of the Karakurt ransomware gang was sentenced to 8.5 years in prison in the US for his involvement in extorting victims.
The individual, Deniss Zolotarjovs, 35, of Latvia, was arrested in Georgia in December 2023 and extradited to the US in August 2024. He pleaded guilty in July 2025.
Associated with the infamous Conti group and also known as TommyLeaks, Schoolboys Ransomware Gang, and Blockbit, Karakurt was one of the most notorious ransomware groups half a decade ago.
In a 2022 alert, the US government warned of the group indiscriminately targeting organizations across multiple industries to steal sensitive information and extort ransom payments from them.
The group is known for stealing personally identifiable information such as names, addresses, dates of birth, Social Security numbers, and healthcare information, and was also involved in the disruption of a 911 emergency system.
Zolotarjovs was a member of the group between June 2021 and March 2023, documents presented in court show. During that time, Karakurt hit at least 53 entities, causing $56 million in losses.
As part of the group, Zolotarjovs did not execute intrusions, but he was directly involved in extortion strategies and in negotiating with victim organizations. Online chats show that he was responsible for analyzing the stolen data and conducting ransom negotiations, or advising on them.
In one instance, when a pediatric healthcare company did not immediately pay the ransom, Zolotarjovs helped escalate pressure on the victim and recommended publishing pediatric patient data online.
Zolotarjovs, the court documents show, received 10% of the negotiated ransom payments and was paid in cryptocurrency, which he moved through multiple wallets before exchanging for Russian rubles.
Related: Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
Related: Third US Security Expert Admits Helping Ransomware Gang
Related: Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
