-
Deniss Zolotarjovs, a Latvian citizen linked to a Russian ransomware gang, was sentenced to serve 102 months in prison for participating in attacks against several companies.
-
The defendant specialized in pressuring reluctant victims by analyzing stolen data and exploiting sensitive information, once sending a general package of pediatric health records to hundreds of patients.
-
The ransomware organization caused at least $56 million in known losses from 13 victim companies – with total losses likely reaching hundreds of millions of dollars.
A 35-year-old man, Deniss Zolotarjovs, of Moscow, has received a sentence of 102 months in federal prison for his role in cyberattacks. The Latvian national who worked with a prolific Russian ransomware organization that stole from and extorted over 54 companies.
On May 4, the Justice Department announced the sentence. Zolotarjovs pleaded guilty in July 2025 to conspiracy charges involving both money laundering and wire fraud. Authorities arrested him in Georgia in December 2023, though he fought extradition, he was later transferred to US custody in August 2024.
Zolotarjovs Specialized in Pressuring Reluctant Victims
Zolotarjovs worked for a group of cybercriminals that was led by the former leadership of the Conti ransomware group. During his participation, the group operated under several brand names, including (but not limited to) Conti, Royal, Karakurt, SchoolBoys Ransomware, TommyLeaks, and Akira. The timeframe for his involvement was from June 2021 until August 2023.
The nature of his activities is to apply additional pressure on the victims to make payments even when they would not otherwise make them voluntarily. Zolotarjovs utilized stolen data to perform research about victim companies and to take advantage of access to extremely sensitive private information. When victims resisted, he pushed his co-conspirators to become “DESTROYERS” and leak stolen records to instill fear in future targets.
In one particularly disturbing attack on a pediatric healthcare company, Zolotarjovs deliberately weaponized children’s health information. After failing to extract a ransom from this victim, he urged his partners to leak or sell copies of these pediatric health records. When a co-conspirator suggested sending each child’s parents only their own data, Zolotarjovs rejected the idea as too time-consuming. Instead, he sent a general package of sensitive records to hundreds of patients.
While Zolotarjovs now face prison, authorities are not stopping there. Dutch prosecutors recently charged a 21-year-old alleged dark web “kingpin” in a separate cybercrime investigation.
Attacks Caused Over $56 Million in Known Losses
The ransomware organization’s attacks on just 13 victim companies resulted in more than $56 million in losses; this figure includes approximately $2.8 million in actual ransom payments. An additional 41 victim companies made $13 million in ransom payments during the same period, though the government has not yet obtained detailed loss statements for those cases.
Extrapolating from known victims and losses, the government estimates total losses during Zolotarjov’s participation likely reach into the hundreds of millions of dollars. These estimates exclude the psychological and financial toll on tens of thousands of individual clients whose data was stolen.
The attacks resulted in the theft and exposure of Social Security numbers, addresses, birth dates, healthcare information, and other sensitive personal data. One attack even shut down a government entity’s 911 system, placing lives at immediate risk.
Members of the organization were Russian or based in Russia. They operated for a time from an office building on Lakhtinskaya Street within St. Petersburg. The group maintained a hierarchical management structure and divided work across separate teams. They used a network of companies registered throughout Russia, Europe, and the United States to hide their operations.
Organization Included Former Russian Law Enforcement Officers
The ransomware group included some former law enforcement personnel from Russia among its members. These connections enabled the criminals to access Russian government databases and law enforcement contacts. They used these resources to threaten and torment personal detractors and to pick out and assess potential new recruits.
The corrupt relationships also provided special treatment for group members. Leaders avoided paying Russian taxes – they pay bribes regularly to exempt draft-age members from compulsory military service in Russia.
Assistant Attorney General A. Tysen Duva stated that a ruthless, cruel, and dangerous international cybercriminal is now behind bars. He noted that the defendant even used stolen children’s health information to increase his leverage for extorting victim payments.
The Cincinnati Field Office of the FBI investigated the case, with assistance from FBI offices in San Diego, Cleveland, Richmond, and Salt Lake City. The DOJ of International Affairs collaborated with Georgian officials to secure the arrest and extradition of Zolotarjovs.
