A federal court sentenced Deniss Zolotarjovs, 35, a Latvian national, to 102 months in prison on May 4, 2026, for his role as a ransom negotiator within a major Russian ransomware organization that operated under the Conti, Karakurt, Royal, and Akira brands [1]. Zolotarjovs had pleaded guilty in 2025 to conspiracy to commit money laundering and conspiracy to commit wire fraud [1][2]. The sentence represents one of the more significant custodial outcomes in U.S. federal prosecution of ransomware actors operating from Eastern Europe.
Zolotarjovs participated in the criminal enterprise from June 2021 through August 2023 [1]. During that period, the organization targeted more than 54 companies, causing known losses exceeding $56 million [1][3]. His specific role centered on negotiating ransom payments from victims, a function he carried out using Telegram-based communications under handles that investigators linked to him following his arrest [2]. In documented instances, he used stolen children's health data as leverage against victim organizations, threatening to publish sensitive records unless payment was received [1][3]. The organization also disrupted emergency services operations during at least one attack [1].
The prosecution was handled by the Department of Justice with investigative support from the FBI [1]. Assistant U.S. Attorneys A. Tysen Duva and Jason Cromartie led the case [1]. Zolotarjovs was extradited to the United States, making him a rare example of a Russian-nexus cybercriminal physically brought to a U.S. courtroom, a fact DOJ highlighted in its sentencing announcement [1][2]. The charges rested on 18 U.S.C. provisions governing wire fraud and money laundering conspiracy, statutes that prosecutors have increasingly applied to ransomware conduct involving U.S. victims regardless of where the perpetrators are located [3].
The Conti-linked ecosystem has been a sustained enforcement priority. The broader Conti organization fractured into several successor brands following a data breach that exposed its internal communications in 2022, and U.S. authorities have pursued indictments and sanctions against multiple affiliated individuals since that disruption [2][3]. The Karakurt sub-group, with which Zolotarjovs was most directly associated, operated a data-extortion model that exfiltrated victim data and threatened publication rather than relying solely on file encryption [3].
No restitution figure was confirmed in the sentencing record available at publication. The case file remains pending in federal court, and DOJ did not announce cooperating-witness arrangements or additional sealed indictments in connection with this proceeding [1].