Latvian Cybercriminal Sentenced for Role in Major Ransomware Operation
A Latvian national, Deniss Zolotarjovs, has been sentenced to 102 months in prison for his involvement in a Russian-linked ransomware syndicate that targeted over 54 companies worldwide between June 2021 and August 2023. The sentencing, announced by the U.S. Department of Justice, marks a key victory in dismantling international cybercrime networks.
Zolotarjovs played a central role in the group’s extortion operations, which operated under multiple ransomware brands, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira. His primary responsibility was escalating pressure on victims who resisted ransom demands by analyzing stolen data and leveraging sensitive information to force compliance. In one case, he exploited children’s health records from a pediatric healthcare provider, threatening to leak or sell the data if payments were not made. Court documents reveal he distributed sensitive records to hundreds of patients to amplify fear.
The financial impact of the group’s attacks was severe. 13 companies reported losses exceeding $56 million, including $2.8 million in ransom payments, while 41 additional victims are believed to have paid around $13 million. Authorities estimate the total financial damage could reach hundreds of millions, factoring in underreported incidents. Beyond monetary losses, the attacks exposed Social Security numbers, healthcare records, and personal data, with one incident disabling a government 911 emergency system, raising public safety concerns.
The ransomware operation functioned as a highly organized criminal enterprise, with members based primarily in Russia, including an office in St. Petersburg. Investigators found the group used shell companies across Russia, Europe, and the U.S. to obscure its activities. Some members had ties to former Russian law enforcement, enabling access to databases, intimidation tactics, and recruitment efforts while evading scrutiny through bribes and corruption.
Zolotarjovs was arrested in Georgia in December 2023 and extradited to the U.S. in August 2024 after contesting the process. In July 2025, he pleaded guilty to conspiracy to commit money laundering and wire fraud. The case was led by the FBI, with support from international partners, underscoring law enforcement’s cross-border efforts to track cybercriminals.
Authorities continue to investigate related actors and networks as part of broader efforts to disrupt global ransomware operations. The sentencing highlights the persistent threat posed by such groups to businesses and critical infrastructure.
Source: https://thecyberexpress.com/ransomware-organization-sentencing/
United States Federal Government cybersecurity rating report: https://www.rankiteo.com/company/united-states-federal-government
"id": "UNI1777983923",
"linkid": "united-states-federal-government",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': 'Hundreds of patients',
'industry': 'Healthcare',
'type': 'Healthcare provider (pediatric)'},
{'industry': 'Public Safety', 'type': 'Government'},
{'industry': 'Various',
'location': 'Worldwide',
'type': 'Corporate'}],
'attack_vector': 'Data extortion, exploitation of stolen data',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Hundreds (pediatric healthcare '
'provider case)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'healthcare records',
'personal data',
'children’s health records']},
'description': 'A Latvian national, Deniss Zolotarjovs, has been sentenced to '
'102 months in prison for his involvement in a Russian-linked '
'ransomware syndicate that targeted over 54 companies '
'worldwide between June 2021 and August 2023. Zolotarjovs '
'played a central role in the group’s extortion operations, '
'analyzing stolen data and leveraging sensitive information to '
'force ransom payments. The group operated under multiple '
'ransomware brands, including Conti, Karakurt, Royal, '
'TommyLeaks, SchoolBoys Ransomware, and Akira.',
'impact': {'data_compromised': 'Social Security numbers, healthcare records, '
'personal data, children’s health records',
'financial_loss': '$56 million (reported by 13 companies) + ~$13 '
'million (estimated from 41 additional victims)',
'identity_theft_risk': 'High (exposure of Social Security numbers '
'and personal data)',
'operational_impact': 'Disabled 911 emergency system, disrupted '
'business operations',
'systems_affected': 'Government 911 emergency system, corporate '
'systems'},
'investigation_status': 'Ongoing (related actors and networks)',
'motivation': 'Financial gain, data extortion',
'post_incident_analysis': {'root_causes': 'Organized cybercriminal enterprise '
'with ties to Russian law '
'enforcement, use of shell '
'companies, bribery/corruption'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': '$2.8 million (reported) + ~$13 million '
'(estimated)',
'ransomware_strain': ['Conti',
'Karakurt',
'Royal',
'TommyLeaks',
'SchoolBoys Ransomware',
'Akira']},
'references': [{'source': 'U.S. Department of Justice'}],
'regulatory_compliance': {'legal_actions': 'Conspiracy to commit money '
'laundering and wire fraud'},
'response': {'law_enforcement_notified': 'Yes (FBI, international partners)'},
'threat_actor': 'Russian-linked ransomware syndicate (Conti, Karakurt, Royal, '
'TommyLeaks, SchoolBoys Ransomware, Akira)',
'title': 'Latvian Cybercriminal Sentenced for Role in Major Ransomware '
'Operation',
'type': 'Ransomware'}