A member of the Karakurt cybercrime group has been sentenced in the United States to 8.5 years in prison for his role as a negotiator in large-scale ransomware and data extortion operations.
According to US authorities, Deniss Zolotarjovs, a Latvian national, played a central role in negotiating ransom demands on behalf of the Karakurt group. He was arrested in Georgia in 2023 and later extradited to the US, where he pleaded guilty to conspiracy charges related to wire fraud and money laundering.
Prosecutors said Zolotarjovs acted as a “cold case” negotiator, re-engaging with victims who had initially refused to pay ransom demands. His role involved applying additional pressure by leveraging stolen data, including sensitive personal and health information, to force organizations into reconsidering payment.
The Karakurt group, which emerged from members linked to the Conti ransomware operation, focused primarily on data theft and extortion rather than encryption-based attacks. After breaching networks, the group would exfiltrate large volumes of data and threaten to leak or sell it unless victims paid.
Court documents show that Zolotarjovs was connected to at least six extortion cases targeting US organizations between 2021 and 2023. In these incidents, attackers used negotiation tactics designed to maximize payments by researching victims and tailoring pressure campaigns.
Authorities estimate that attacks linked to his activity caused tens of millions of dollars in losses. In a subset of confirmed cases, 13 victim organizations reported more than $56 million in damages, including ransom payments totaling approximately $2.8 million. Additional victims are believed to have paid at least $13 million, though full figures remain unclear due to underreporting.
Investigators noted that Zolotarjovs also had ties to other ransomware operations, including groups such as Royal, Akira, and TommyLeaks, indicating overlap within the broader cybercrime ecosystem.
Officials described the case as a significant step in targeting individuals involved in ransomware operations, particularly those responsible for negotiating and enforcing extortion demands. Zolotarjovs is the first known member of the Karakurt group to be sentenced in the United States, with authorities signaling that further prosecutions may follow.
The case highlights the increasing focus on dismantling the human infrastructure behind ransomware campaigns, including negotiators who play a key role in converting data breaches into financial gain.