• Home
  • cyber
  • Karakurt and Conti: Conti, Akira ransomware affiliate given 8-year sentence
cyber Ransomware

Karakurt and Conti: Conti, Akira ransomware affiliate given 8-year sentence

Jun 1, 2021 2 min read
Karakurt and Conti: Conti, Akira ransomware affiliate given 8-year sentence

Latvian Ransomware Affiliate Sentenced to Over Eight Years for High-Pressure Extortion Attacks

A 35-year-old Latvian national, Deniss Zolotarjovs, has been sentenced to 102 months (over eight years) in U.S. prison for his role in a sophisticated ransomware operation linked to multiple cybercriminal groups, including Conti and Akira. Zolotarjovs, who pleaded guilty in July 2025 to money laundering and wire fraud, was extradited from Georgia to the U.S. in August 2024 after his arrest.

Prosecutors described Zolotarjovs as a key negotiator for the Karakurt ransomware group, a now-diminished but once-prolific extortion operation tied to dozens of high-profile attacks since 2020. The group operated under multiple aliases, including Conti, Royal, TommyLeaks, SchoolBoys, and Akira, and was based in an office in St. Petersburg, Russia, with alleged ties to former law enforcement officers.

Zolotarjovs specialized in escalating pressure tactics during ransom negotiations, earning a 10% cut of payments. His methods included analyzing stolen data to exploit victims’ vulnerabilities, as seen in a 2022 incident where he threatened a pediatric healthcare company by leaking children’s medical records to patients after the organization refused to pay. Between June 2021 and March 2023, he participated in attacks on over 53 companies, contributing to $56 million in losses, including $3 million in ransom payments though prosecutors believe the true financial impact was far greater.

Authorities highlighted his English proficiency and aggressive negotiation style, which made him a valuable asset. He even trained a successor who later became the group’s lead negotiator. Despite his arrest, prosecutors warned that the Karakurt-linked operation remains active, with Akira ransomware ranking as the second most observed malware family in 2025, responsible for over 100 attacks this year.

The U.S. Department of Justice (DOJ) had pushed for a 126-month sentence, arguing that Zolotarjovs would likely return to cybercrime in Russia after his release. The judge’s ruling removes a skilled and ruthless operator from the criminal ecosystem, though the broader threat persists. Zolotarjovs is the only member of his group to face U.S. prosecution to date.

Source: https://therecord.media/conti-akira-ransomware-affiliate-sentenced

Karakurt TPRM report: https://www.rankiteo.com/company/karakurt-savunma-sanayi̇-a-ş

Conti TPRM report: https://www.rankiteo.com/company/conti-group-building-consultants

"id": "karcon1778005688",
"linkid": "karakurt-savunma-sanayi̇-a-ş, conti-group-building-consultants",
"type": "Ransomware",
"date": "6/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': True,
                        'industry': 'Healthcare',
                        'type': 'Pediatric healthcare company'},
                       {'customers_affected': '53+ companies',
                        'type': 'Companies'}],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Medical records',
                                              'Personally identifiable '
                                              'information']},
 'date_publicly_disclosed': '2025-07',
 'description': 'A 35-year-old Latvian national, Deniss Zolotarjovs, has been '
                'sentenced to over eight years in U.S. prison for his role in '
                'a sophisticated ransomware operation linked to multiple '
                'cybercriminal groups, including Conti and Akira. Zolotarjovs '
                'specialized in escalating pressure tactics during ransom '
                'negotiations, contributing to over $56 million in losses from '
                'attacks on over 53 companies between June 2021 and March '
                '2023.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'financial_loss': '$56 million',
            'identity_theft_risk': True},
 'investigation_status': 'Closed (sentenced)',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_paid': '$3 million',
                'ransomware_strain': ['Karakurt', 'Akira']},
 'references': [{'source': 'U.S. Department of Justice (DOJ)'}],
 'regulatory_compliance': {'legal_actions': True},
 'response': {'law_enforcement_notified': True},
 'threat_actor': ['Karakurt',
                  'Conti',
                  'Akira',
                  'Royal',
                  'TommyLeaks',
                  'SchoolBoys'],
 'title': 'Latvian Ransomware Affiliate Sentenced for High-Pressure Extortion '
          'Attacks',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.