Conti, Akira ransomware affiliate given 8-year sentence

A Latvian ransomware affiliate was sentenced to more than eight years in prison for conducting attacks on behalf of several criminal brands including Conti and Akira.

Deniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia. He was extradited to the U.S. in August 2024 on accusations that he was a key ransomware operator who specialized in escalating pressure tactics during ransom negotiations with victims. 

Zolotarjovs was specifically tasked with analyzing data stolen from victims, researching the companies and using the information to force victims into paying. He was typically brought in to close negotiations and was paid 10% of the ransom.

In one incident, prosecutors said Zolotarjovs became enraged when a pediatric healthcare company refused to pay a ransom. He urged other members of his group to leak or sell copies of children’s health information, eventually escalating further to sending samples of the stolen pediatric data to hundreds of patients as a threat. 

Zolotarjovs, who is a 35-year-old Latvian citizen but was born in Moscow, worked for a cybercriminal group that was run by a former leader of the prolific but now-defunct Conti ransomware gang. 

Prosecutors identified the group as Karakurt — a ransomware and data extortion operation that has faded from view in recent years but launched dozens of high-profile attacks dating back to 2020. 

Investigators said the group used dozens of different names when extorting victims, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys and Akira. The FBI gained access to a chat server where they saw how the group’s members coordinated attacks, extorted victims and profited from the incidents.

The DOJ said the organization operated out of an office building in St. Petersburg and included multiple former Russian law enforcement officers. This has given the operation access to new recruits and other perks like exemption from compulsory military service or taxes. 

During Zolotarjovs’s participation in the organization — from about June 2021 to March 2023 — the organization stole from and extorted over 53 companies. Prosecutors said he helped cause $56 million in losses, including nearly $3 million in ransom payments. They noted that this is likely a severe undercount of the financial impact caused by Zolotarjovs’s ransomware attacks. 

“The defendant played a key role in the conspiracy. Having lived and attended school in Western Europe, he was an asset to the organization. His English skills and hardball tactics made him particularly effective in reviving negotiations,” prosecutors said. 

“His success was noted by other members of the conspiracy, and he was asked to train and guide a coconspirator that has since gone on to become the lead negotiator for the organization. His participation in the conspiracy was sustained over thousands of messages sent over a multi-year period.” 

Prosecutors warned that the organization Zolotarjovs was part of “remains active and prolific.” Incident responders from Google said Akira, one of the ransomware brand names used by the gang, was the second most frequently observed malware family in 2025 and researchers have tied more than 100 attacks this year to the operation. 

His former ransomware associates “have only grown more dangerous, becoming one of the most, if not the most, most active ransomware groups today,” prosecutors said. Zolotarjovs is the only member of his group to face a U.S. court. 

The DOJ argued for a lengthier sentence, telling the court that once his sentence is complete, Zolotarjovs will likely return to Russia and continue his ransomware work. 

“Depriving them of the defendant’s services as a trusted, experienced, and skilled negotiator is a valuable benefit to the public,” prosecutors said. “A significant period of incarceration allows technology to evolve past Zolotarjovs’s expertise and the criminal network he relied on to degrade.”

The Justice Department argued for a sentence of 126 months but the judge gave him 102 months in prison. 

“With this sentence, a cruel, ruthless, and dangerous international cybercriminal is now behind bars,” said Assistant Attorney General A. Tysen Duva. 

“Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline. He also used stolen children’s health information to increase his leverage to extort victim payments.