Member of Prolific Russian Ransomware Group Sentenced to Prison
Monday, May 4, 2026 - A Latvian national was sentenced today to 102 months in prison for his role in a major Russian ransomware organization that stole from and extorted over 54 companies.
“With this sentence, a cruel, ruthless, and dangerous international cybercriminal is now behind bars,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline. He also used stolen children’s health information to increase his leverage to extort victim payments. The Criminal Division will continue to investigate and prosecute international hackers and extortionists from around the world, no matter where they live or operate.”
“Ransomware groups disrupt victims’ lives, cruelly extracting money through psychological manipulation and fear. And they create lingering security issues,” said U.S. Attorney Dominick S. Gerace II for the Southern District of Ohio. “Cybercriminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries. But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”
“Cybercriminals like Deniss Zolotarjovs may try to hide in the shadows, but the FBI will find them,” said Special Agent in Charge Jason Cromartie of the FBI Cincinnati Field Office. “This case demonstrates the relentless pursuit by our FBI special agents, working with partners across the globe, to hold this criminal accountable for the millions of dollars he extorted from U.S. organizations.”
According to court documents, Deniss Zolotarjovs (Денисс Золотарёвс), 35, of Moscow, Russia, was a member of a ransomware organization led by former leaders of the Conti ransomware group. Brands used to identify the organization in ransom notes to their victims during the time of his involvement include Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira, among others.
During the time of Zolotarjovs’s active participation in the organization, approximately June 2021 to August 2023, the organization stole data from over 54 companies, including many in the United States.
Zolotarjovs was primarily responsible for escalating pressure on victims who initially resisted prompt payment of the organization’s ransom demands. Zolotarjovs analyzed stolen data, researched victim companies, and exploited his access to particularly sensitive and extremely personal information.
In one attack on a pediatric healthcare company, Zolotarjovs deliberately leveraged children’s health information for extortion. When he failed in extracting a ransom from this victim, he urged coconspirators to be “DESTROYERS” and to leak or sell copies of these pediatric health records to sow fear among future victims. When one of his co-conspirators suggested sending each pediatric patient their own data, Zolotarjovs instead sent a “general pack” of sensitive data to “hundreds of patients,” noting that taking the time to send each victim only their own data would be “routine work” that he had no time for.
Of the more than 54 companies attacked, attacks on just 13 of those companies resulted in over $56 million in losses, including approximately $2.8 million in ransom payments. This loss estimate only includes known victim companies and does not include an additional 41 victim companies that made $13 million in ransom payments during that same period but for whom the government does not yet have detailed loss statements. Due to widespread underreporting of ransomware attacks, true loss numbers are uncertain, but, extrapolating from the known victims and known losses, the government estimates total losses for the period of Zolotarjovs’s participation to likely be in the hundreds of millions of dollars.
These loss estimates omit the cost, both psychological and financial, to tens of thousands of individual clients whose data was stolen from these victim companies. Attacks during this period resulted in the theft and exposure of Social Security numbers, addresses, dates of birth, home addresses, healthcare information and the shutdown of a government entity’s 911 system, placing lives at risk.
Members of the organization were Russian or based in Russia and operated for a time out of an office building on Lakhtinskaya Street in St. Petersburg, Russia. The organization relied on a hierarchical management structure and divided the work into separate teams, using a network of companies registered throughout Russia, Europe, and the United States to obfuscate its operations. In Russia, the organization fueled corruption and abused Russian public resources in pursuit of personal financial gain. Members of the organization included multiple former Russian law enforcement officers. These connections allowed members of the group to co-opt Russian government databases and law enforcement connections to intimidate and harass personal detractors, and to identify and evaluate potential new recruits to the organization. Corruption also ensured special treatment for members of the organization. Leaders avoided Russian taxes and regularly paid bribes to exempt members — draft-age men — from compulsory military service in Russia.
Zolotarjovs was arrested in the country of Georgia in December 2023 and transferred to U.S. custody in August 2024 after contesting extradition. In July 2025, he pleaded guilty to conspiring to commit both money laundering and wire fraud.
The FBI’s Cincinnati Field Office investigated the case. Law enforcement leaders commended the FBI offices in Cleveland, San Diego, Salt Lake City, and Richmond, Virginia, for their vital roles in the investigation and officials in Georgia for their role in the extradition.
Trial Attorney Benjamin A. Bleiberg and Senior Counsel Bryce B. Rosenbower of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant Deputy Criminal Chief Timothy S. Mangan for the Southern District of Ohio prosecuted the case.The Justice Department’s Office of International Affairs worked with the Government of Georgia to secure Zolotarjovs’s arrest and extradition from Georgia. The United States thanks the Government of Georgia for its assistance extraditing Zolotarjovs to the United States.
U.S. Department of Justice
Office of Public Affairs
Source: Justice.gov
