Latvian Ransomware Negotiator Sentenced for $56 Million Cyber Extortion Scheme
Severity: High (Score: 68.0)
Sources: Aol, Bleepingcomputer, www.cincinnati.com, Cyberscoop, Thecyberexpress
Summary
Deniss Zolotarjovs, a 35-year-old Latvian national, was sentenced to 8.5 years in federal prison for his role in a ransomware organization linked to over 54 cyberattacks on various companies from June 2021 to August 2023. The group, known as Karakurt, TommyLeaks, and SchoolBoys Ransomware, extorted victims by threatening to leak sensitive data, including Social Security numbers and health records. Zolotarjovs was primarily responsible for negotiating ransom payments, which totaled approximately $16 million, and he received a 10% cut of the ransoms paid. His tactics included leveraging stolen children's health information to pressure victims, leading to significant financial losses exceeding $56 million. The FBI noted that the group operated with a structured hierarchy and had connections to former Russian law enforcement. Zolotarjovs was arrested in Georgia in December 2023 and extradited to the U.S. in August 2024, where he pleaded guilty to conspiracy to commit money laundering and wire fraud.
Key Points:
- Deniss Zolotarjovs was sentenced to 8.5 years for extorting over 54 companies.
- The ransomware group caused financial losses exceeding $56 million, including $16 million in ransoms.
- Zolotarjovs used sensitive data, including children's health records, to coerce victims into paying.
Key Entities
- Ransomware (attack_type)
- Karakurt Extortion Operation (campaign)
- Victim Company-6 (company)
- Costa Rica (country)
- Georgia (country)
- Russia (country)
- United States (country)
- ic3.gov (domain)
- tips.fbi.gov (domain)
- Government (industry)
- Healthcare (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1486 - Data Encrypted for Impact (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- Akira (ransomware_group)
- Black Basta (ransomware_group)
- BlackCat (ransomware_group)
- BlackSuit (ransomware_group)
- Conti (ransomware_group)