Deniss Zolotarjovs, 35, a Latvian national residing in Moscow, was sentenced to 8.5 years in U.S. federal prison for his role as the Karakurt extortion gang’s “cold case” negotiator — making him the first member of the group ever charged and convicted in the United States. The FBI linked Zolotarjovs to at least six extortion cases resulting in more than $56 million in ransom payments from 13 victim companies across his active period from August 2021 to November 2023.
How Deniss Zolotarjovs Revived Stalled Karakurt Extortion Negotiations
Zolotarjovs’s role within Karakurt was specialized: he handled extortion cases where initial negotiations had broken down and victims appeared unwilling to pay. Prosecutors described him as a “cold case” negotiator, a function focused on reopening failed demands rather than conducting first-contact extortion. To increase psychological pressure on victims who had gone silent, Zolotarjovs researched targets’ personal information and health records, then used that material to threaten more damaging disclosures or escalate to individuals connected to the victim organization.
The approach was designed to convert negotiations that had effectively failed into successful ransom collections — in at least six documented cases, it worked. The 13 victim companies linked to Zolotarjovs paid a combined total exceeding $56 million, according to the FBI’s accounting.
Karakurt’s Origins in the Conti Ransomware Syndicate
Karakurt is a Russian extortion operation with direct roots in the Conti ransomware group, which was one of the most prolific ransomware syndicates of the early 2020s before fragmenting in 2022 following a major internal data leak. Former Conti members seeded several successor operations, including Karakurt, BlackBasta, and others. Unlike traditional ransomware groups that encrypt victims’ files as leverage, Karakurt operates as a data theft extortion group: it exfiltrates sensitive data and threatens to publish it without deploying file-encrypting malware. This operational model has made attribution and prosecution more complex, as the crime pattern differs from ransomware incidents that leave encrypted files as forensic evidence.
Charges: Wire Fraud Conspiracy and Money Laundering
Zolotarjovs was convicted on charges of conspiracy to commit wire fraud and money laundering. The money laundering charge reflects the proceeds of extortion payments, which were routed through cryptocurrency and other obfuscation methods consistent with organized cybercriminal financial networks. His active operational period — August 2021 through November 2023 — spans the peak growth years for Karakurt, during which the group claimed dozens of victims.
First U.S. Prosecution of a Karakurt Member and Its Significance for Extortion-Only Operations
The conviction of Zolotarjovs establishes a legal precedent that extortion gang negotiators — not just ransomware coders, operators, or affiliate network managers — are subject to U.S. federal prosecution. Prior prosecutions of ransomware-adjacent actors have predominantly focused on those who coded or directly operated encryption tools, or who laundered funds. The Karakurt case demonstrates that the supporting roles within an extortion operation, including those focused purely on negotiation strategy, fall within the scope of U.S. federal jurisdiction when the victims are located in the United States.
Zolotarjovs was a Latvian national living in Russia — a profile consistent with the jurisdictional complexity that typically protects cybercriminal actors in non-extradition countries. The specific circumstances of his arrest and extradition were not detailed in available reporting; his presence in a jurisdiction that cooperated with U.S. law enforcement was necessary for the prosecution to proceed.
Related Sentences: Former Cybersecurity Employees Convicted in BlackCat Facilitation Case
Two former cybersecurity professionals — previously employed at Sygnia and DigitalMint — each received four-year sentences in a related case involving facilitation of BlackCat ransomware operations. The BlackCat group, also known as ALPHV, was another successor to the Conti ecosystem. The concurrent sentencing activity in multiple Conti-linked cases suggests sustained federal investigative focus on the broader network of actors who emerged from the 2022 Conti collapse.
Karakurt’s Victim Toll and the DOJ’s Position on Non-Encrypting Extortion
The Karakurt operation’s documented victim count — at least 13 companies linked to Zolotarjovs alone, with total ransom payments exceeding $56 million — represents a fraction of the group’s full activity, as extortion operations of this scale typically claim far more victims than the cases that reach prosecution. The Justice Department’s willingness to pursue a felony wire fraud and money laundering prosecution against a negotiator, rather than only against operators who deployed malware, signals that the legal classification of extortion gang roles has broadened.
Zolotarjovs’s 8.5-year sentence is among the most significant cybercrime sentences handed down in the United States for an actor whose role was defined by negotiation rather than technical operations.
