Deniss Zolotarjovs, a 33-year-old Latvian national and member of the Russian Karakurt ransomware group, has been charged in the U.S. with money laundering, wire fraud, and extortion. Zolotarjovs, who lived in Moscow, was arrested in Georgia, Eastern Europe, in December 2023 and extradited to the U.S. earlier this month. The FBI’s investigation revealed his involvement in Karakurt’s extortion operation, which targeted company systems, stole data, and demanded ransom under the threat of public leaks or sales to other cybercriminals.
Court documents and the U.S. Department of Justice indicate that Zolotarjovs, operating under the alias “Sforza_cesarini,” was involved in at least six extortion cases affecting American organizations from August 2021 to November 2023. His role included negotiating so-called “cold case” extortions where ransom negotiations had stalled. Zolotarjovs was identified through cryptocurrency tracing, communication analysis, and data from search warrants, linking him to extortion and money laundering activities.
Karakurt, which emerged in mid-2021, focuses solely on data exfiltration and extortion and does not deploy encryption tools in its attacks. The group gained notoriety for publishing victims’ data on its leak site and was later revealed to be a data extortion arm of the now-dismantled Conti cybercrime syndicate. Zolotarjovs’s arrest marks the first time a Karakurt member has been extradited to the U.S., and it may pave the way for further arrests and prosecutions.
Zolotarjovs faces severe penalties, including up to 20 years in prison for each charge, along with fines up to $500,000 or twice the value of the property involved in the transaction for money laundering. The arrest underscores the U.S. authorities’ commitment to tackling international cybercrime and could lead to further disruptions within the Karakurt group.