**Deniss Zolotarjovs**, a 35-year-old from Moscow, Russia, was apprehended in Georgia in December 2023 and subsequently pleaded guilty in July 2025 to conspiracy to commit wire fraud and money laundering. The charges stemmed from his involvement with the **Karakurt** extortion operation. ### Role in Karakurt Assistant Attorney General A. Tysen Duva stated that Zolotarjovs facilitated the ransomware gang's profits by targeting numerous companies, including a government entity whose 911 system was disrupted. He also exploited stolen children's health information to coerce victims into paying ransoms. Court documents reveal that Zolotarjovs, also known as "Sforza_cesarini," was a member of the **Karakurt** group, which is reportedly led by former **Conti** ransomware gang leaders. The group specialized in compromising systems, exfiltrating data, and demanding ransom under the threat of public data leaks. The **FBI** linked Zolotarjovs to at least six extortion cases against American organizations between August 2021 and November 2023. His primary function was to negotiate so-called "cold case extortions," where communication with victims had ceased without a ransom payment. ### Tactics and Impact Zolotarjovs was instrumental in persuading victims to reconsider their refusal to pay ransom demands. He conducted in-depth research on targeted companies and analyzed stolen sensitive information to amplify psychological pressure. He also had ties to attacks conducted by other ransomware groups, including **Conti**, **Royal**, **TommyLeaks**, **SchoolBoys Ransomware**, and **Akira**. According to the **Department of Justice**, attacks on just 13 of the more than 54 companies targeted resulted in over $56 million in losses, including approximately $2.8 million in ransom payments. The total losses, including unreported incidents, are estimated to be in the hundreds of millions of dollars. ### Implications Zolotarjovs is the first **Karakurt** member to be charged and sentenced in the U.S., potentially paving the way for further prosecutions. In related news, two former **Sygnia** and **DigitalMint** employees were also sentenced to four years in prison each for their involvement in **BlackCat** (**ALPHV**) ransomware attacks.