Latvian Ransomware Negotiator Sentenced to 8.5 Years

Deniss Zolotarjovs, 35, a Latvian national who worked as a negotiator for a ransomware group tied to former Conti leaders, received an eight-and-a-half-year federal prison sentence after pleading guilty to conspiracy to commit money laundering and wire fraud.

Authorities arrested Zolotarjovs in Georgia in December 2023. He was transferred into U.S. custody in August 2024 and entered his guilty plea in July 2025. Prosecutors say he pressured victims to pay ransoms, analyzed stolen data to identify sensitive records, and used those records to increase leverage during extortion negotiations.

Officials tied Zolotarjovs to a group that operated under several names, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware and Akira. Between June 2021 and August 2023 the group stole data from more than 54 companies worldwide. Federal filings list 13 victims with more than $56 million in documented losses, including about $2.8 million in ransom payments; prosecutors say total losses for the period are likely in the hundreds of millions of dollars when extrapolated from known cases.

In one incident the group disrupted a government entity’s 911 system. Prosecutors say Zolotarjovs targeted a pediatric healthcare provider, used children’s medical records to press for payment, and urged co-conspirators to leak or sell the data when ransom demands were not met.

Investigators describe the organization as having a formal management structure with separate teams for hacking, data theft, negotiation and extortion. The group was largely Russian or Russia-based and operated for a time from an office in St. Petersburg. Members used a network of companies across Russia, Europe and the United States to obscure their activities. Several operatives were former Russian law enforcement officers who could access government databases and assist with recruitment and intimidation. Prosecutors also say leaders avoided Russian taxes and compulsory military service.

In a statement, Dominick S. Gerace II, U.S. Attorney for the Southern District of Ohio, said, “Cyber criminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries. Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.” Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division noted that Zolotarjovs helped the gang profit from hacks of dozens of companies and used stolen children’s health information to strengthen extortion demands.

Prosecutors framed the sentence as part of a broader effort to disrupt the financial and operational networks of ransomware groups linked to former Conti leaders and affiliates. They say dismantling those networks and prosecuting key members are steps in targeting campaigns that have affected healthcare providers, private companies and public services.