Karakurt Ransomware Negotiator Sentenced to 8.5 Years for $56 Million Extortion Scheme

Severity: High (Score: 66.5)

Sources: Bleepingcomputer, Local12, www.cincinnati.com, Thecyberexpress, Aol

Summary

Deniss Zolotarjovs, a 35-year-old Latvian national, was sentenced to 8.5 years in prison for his role in the Karakurt ransomware group, which extorted over 53 companies, resulting in losses exceeding $56 million. Arrested in Georgia in December 2023, he was extradited to the U.S. and pleaded guilty to conspiracy to commit wire fraud and money laundering in July 2025. Zolotarjovs acted as a negotiator, pressuring victims to pay ransoms by leveraging stolen personal and health information. His group was involved in attacks that compromised sensitive data, including Social Security numbers and health records, and even targeted a government agency's 911 system. The FBI linked him to at least six extortion cases against American organizations. Zolotarjovs received 10% of the ransom payments he negotiated, typically paid in cryptocurrency. His sentencing marks the first prosecution of a Karakurt member in the U.S., potentially paving the way for further actions against other group members. Key Points: • Deniss Zolotarjovs sentenced to 8.5 years for extorting over $56 million from 53 companies. • He negotiated ransom payments, leveraging stolen health information to pressure victims. • Zolotarjovs is the first Karakurt member prosecuted in the U.S., indicating potential future actions.

Key Entities

• Ransomware (attack_type)
• Karakurt Extortion Operation (campaign)
• Georgia (country)
• Russia (country)
• United States (country)
• Healthcare (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1486 - Data Encrypted for Impact (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• Akira (ransomware_group)
• BlackCat (ransomware_group)
• Conti (ransomware_group)
• Karakurt (ransomware_group)
• Royal (ransomware_group)