Cincinnati, Ohio – A Latvian man tied to one of the world’s most notorious ransomware operations has been sentenced to more than eight years in federal prison after authorities said he helped extort millions of dollars from businesses and organizations, including a government agency whose 911 system was disrupted.
Federal officials announced that 35-year-old Deniss Zolotarjovs was sentenced to 102 months in prison for his role in the international ransomware group known as Karakurt, TommyLeaks, and SchoolBoys Ransomware. Prosecutors described him as a key negotiator who helped pressure victims into paying large cryptocurrency ransoms after sensitive data was stolen.
Zolotarjovs was arrested overseas in December 2023 and later transferred to United States custody in August 2024. He pleaded guilty in July 2025 to conspiracy charges involving both money laundering and wire fraud.
Authorities said the ransomware operation targeted dozens of victims between June 2021 and March 2023, causing more than $56 million in losses. The group reportedly attacked at least 53 victims during that period, including organizations connected to the Southern District of Ohio.
Investigators say stolen data was used to pressure victims
Ransomware attacks typically involve hackers breaking into computer systems, stealing or locking data through malicious software, and then demanding payment in exchange for restoring access or preventing public release of the information. Officials said the attacks connected to this case exposed highly sensitive records, including Social Security numbers, healthcare information, birth dates, and home addresses.
One particularly alarming incident involved a government entity whose 911 emergency system was forced offline. Prosecutors said the cybercriminal group used fear, disruption, and threats to force victims into paying.
“Ransomware groups disrupt victims’ lives, cruelly extracting money through psychological manipulation and fear. And they create lingering security issues,” said U.S. Attorney Dominick S. Gerace II for the Southern District of Ohio. “Cybercriminals might think they are invulnerable by hiding behind anonymizing tools and complex cryptocurrency patterns while they attack American victims from non-extradition countries. But Zolotarjovs’s prosecution shows that federal law enforcement also has a global reach, and we will hold accountable bad actors like Zolotarjovs, who will now spend significant time in prison.”
Federal investigators said Zolotarjovs was not responsible for carrying out the actual cyber intrusions. Instead, his role centered on reviewing stolen data and helping direct extortion negotiations. According to court documents, online chat records showed he personally negotiated with victims and advised coconspirators on ways to increase pressure during ransom demands.
Officials pointed to one example involving a pediatric healthcare company that hesitated to pay quickly. Prosecutors said Zolotarjovs intentionally suggested using “patient lists and histories” to intensify pressure on the organization. Authorities also stated he encouraged the release of children’s medical information on the dark web to punish the victim company for resisting demands.
“With this sentence, a cruel, ruthless, and dangerous international cybercriminal is now behind bars,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Deniss Zolotarjovs helped his ransomware gang profit from hacks of dozens of companies, and even on a government entity whose 911 system was forced offline. He also used stolen children’s health information to increase his leverage to extort victim payments. The Criminal Division will continue to investigate and prosecute international hackers and extortionists from around the world, no matter where they live or operate.”
Cryptocurrency payments and global investigation
Authorities said Zolotarjovs earned 10 percent of the ransom payments he negotiated. He was reportedly paid through cryptocurrency transactions that moved through multiple digital wallets before eventually being converted into Russian rubles.
The case involved cooperation among multiple FBI offices across the country, including teams in Cleveland, San Diego, Richmond, and Salt Lake City. Officials in Georgia also played an important role in securing Zolotarjovs’s extradition to the United States.
“Cybercriminals like Deniss Zolotarjovs may try to hide in the shadows, but the FBI will find them,” stated FBI Cincinnati Special Agent in Charge Jason Cromartie. “This case demonstrates the relentless pursuit by our FBI special agents, working with partners across the globe, to hold this criminal accountable for the millions of dollars he extorted from U.S. organizations.”
Federal officials said the prosecution reflects growing international cooperation in combating cybercrime operations that target businesses, hospitals, and government systems. Investigators stressed that even individuals operating overseas can still face arrest, extradition, and prison time when connected to major cyber extortion schemes affecting American victims.
