Latvian Ransomware Negotiator Sentenced in Landmark Cybercrime Case
A Latvian national, Deniss Zolotarjovs (35), has been sentenced to 102 months in U.S. federal prison for his role as a key negotiator in a sophisticated Russian ransomware syndicate. Operating between June 2021 and August 2023, the group targeted over 54 organizations worldwide, employing psychological extortion tactics to coerce victims into paying ransoms.
Zolotarjovs specialized in leveraging stolen data, identifying the most damaging information to pressure victims who resisted initial demands. His methods included distributing sensitive records such as children’s medical files from a pediatric healthcare provider when targets refused to comply. The syndicate, led by former Conti members, used multiple ransomware strains (Akira, Royal, Karakurt, TommyLeaks, and SchoolBoys) to obscure their activities and evade detection.
Based in St. Petersburg, Russia, the group operated with corporate-like structure, laundering proceeds through shell companies and recruiting former Russian law enforcement to access government databases. Corruption was systemic, with bribes used to avoid military conscription and tax obligations. Financial losses from just 13 known victims exceeded $56 million, with an additional $13 million paid by 41 others. The true impact is likely higher due to underreporting.
Beyond financial harm, attacks disrupted critical infrastructure, including a 911 emergency response system. Zolotarjovs was arrested in Georgia in December 2023, extradited to the U.S. in August 2024, and pleaded guilty to money laundering and wire fraud conspiracy in July 2025. His sentencing reflects a coordinated international effort, led by the FBI’s Cincinnati Field Office, to hold ransomware operatives accountable regardless of location.
Source: https://cyberpress.org/member-of-russian-ransomware/
911Cyber cybersecurity rating report: https://www.rankiteo.com/company/911cyber
"id": "9111778077940",
"linkid": "911cyber",
"type": "Ransomware",
"date": "6/2021",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': ['Healthcare',
'Emergency Services',
'Multiple'],
'location': 'Worldwide',
'type': 'Healthcare, Critical Infrastructure, Various '
'Industries'}],
'data_breach': {'data_encryption': 'Yes (ransomware strains)',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (e.g., children’s medical files)',
'type_of_data_compromised': ['Medical records',
'Sensitive personal '
'information']},
'description': 'A Latvian national, Deniss Zolotarjovs (35), has been '
'sentenced to 102 months in U.S. federal prison for his role '
'as a key negotiator in a sophisticated Russian ransomware '
'syndicate. The group targeted over 54 organizations '
'worldwide, employing psychological extortion tactics to '
'coerce victims into paying ransoms. The syndicate used '
'multiple ransomware strains (Akira, Royal, Karakurt, '
'TommyLeaks, and SchoolBoys) to obscure their activities and '
'evade detection. Financial losses from just 13 known victims '
'exceeded $56 million, with an additional $13 million paid by '
'41 others.',
'impact': {'data_compromised': 'Sensitive records, including children’s '
'medical files',
'financial_loss': '$69 million (reported)',
'identity_theft_risk': 'High (personally identifiable information '
'exposed)',
'operational_impact': 'Disruption of critical infrastructure and '
'emergency services',
'systems_affected': 'Over 54 organizations worldwide, including '
'critical infrastructure (e.g., 911 emergency '
'response system)'},
'investigation_status': 'Closed (sentencing completed)',
'motivation': 'Financial gain, extortion',
'post_incident_analysis': {'corrective_actions': 'International law '
'enforcement coordination, '
'arrest and extradition of '
'key operatives',
'root_causes': 'Sophisticated ransomware syndicate '
'with corporate-like structure, '
'systemic corruption, and use of '
'multiple ransomware strains to '
'evade detection'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_paid': '$69 million (reported)',
'ransomware_strain': ['Akira',
'Royal',
'Karakurt',
'TommyLeaks',
'SchoolBoys']},
'references': [{'source': 'U.S. Department of Justice'}],
'regulatory_compliance': {'legal_actions': 'Money laundering and wire fraud '
'conspiracy charges'},
'response': {'law_enforcement_notified': 'Yes (FBI, international '
'coordination)'},
'threat_actor': 'Russian ransomware syndicate (former Conti members)',
'title': 'Latvian Ransomware Negotiator Sentenced in Landmark Cybercrime Case',
'type': 'Ransomware'}